Windows Analysis Report
7EznMik8Fw.exe

Overview

General Information

Sample name: 7EznMik8Fw.exe (renamed because original name is a hash value)
Original sample name: fc5586ca851cbf4eed21ae5c11b8e5d7c23379561016f779f5fe346439e2f55d.exe
Analysis ID: 1571343
MD5: a02bd3671b7dab9f036b13c8b0339714
SHA1: 9c48e8a80a0cf0a1ca1e4328091241c242dfc5b4
SHA256: fc5586ca851cbf4eed21ae5c11b8e5d7c23379561016f779f5fe346439e2f55d
Tags: busquedasxurl-comexeuser-JAMESWT_MHT
Infos:

Detection

Python Stealer
Score: 72
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
AI detected suspicious sample
Contains functionality to infect the boot sector
Found pyInstaller with non standard icon
Yara detected Generic Python Stealer
Binary contains a suspicious time stamp
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to communicate with device drivers
Contains functionality to enumerate running services
Contains functionality to query CPU information (cpuid)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Enables debug privileges
Extensive use of GetProcAddress (often used to hide API calls)
Found dropped PE file which has not been started or loaded
Found evasive API chain checking for process token information
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
PE file does not import any functions
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • 7EznMik8Fw.exe (PID: 4344 cmdline: "C:\Users\user\Desktop\7EznMik8Fw.exe" MD5: A02BD3671B7DAB9F036B13C8B0339714)
    • 7EznMik8Fw.exe (PID: 4196 cmdline: "C:\Users\user\Desktop\7EznMik8Fw.exe" MD5: A02BD3671B7DAB9F036B13C8B0339714)
  • cleanup
No configs have been found
Yara rule matches:
  Source: Process Memory Space: 7EznMik8Fw.exe PID: 4196
  Rule: JoeSecurity_GenericPythonStealer
  Description: Yara detected Generic Python Stealer
  Author: Joe Security
    No Sigma rule has matched
    No Suricata rule has matched

    AV Detection

    Source: 7EznMik8Fw.exe, Avira: detected
    Source: 7EznMik8Fw.exe, ReversingLabs: Detection: 28%
    Source: Submitted Sample, Integrated Neural Analysis Model: Matched 98.5% probability
    Source: C:\Users\user\Desktop\7EznMik8Fw.exeCode function: 2_2_00007FFD938E4300 CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_set_error,2_2_00007FFD938E4300
    Source: C:\Users\user\Desktop\7EznMik8Fw.exeCode function: 2_2_00007FFD93938350 CRYPTO_free,CRYPTO_strndup,2_2_00007FFD93938350
    Source: C:\Users\user\Desktop\7EznMik8Fw.exeCode function: 2_2_00007FFD938E23D8 EVP_MD_get_size,EVP_CIPHER_get_iv_length,EVP_CIPHER_get_key_length,CRYPTO_clear_free,CRYPTO_malloc,ERR_new,ERR_set_debug,2_2_00007FFD938E23D8
    Source: C:\Users\user\Desktop\7EznMik8Fw.exeCode function: 2_2_00007FFD938E1B54 memcmp,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,memcmp,EVP_CIPHER_CTX_free,CRYPTO_free,ERR_new,ERR_set_debug,CRYPTO_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,memcmp,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,memcmp,memcpy,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_new,ERR_set_debug,CRYPTO_free,2_2_00007FFD938E1B54
    Source: C:\Users\user\Desktop\7EznMik8Fw.exeCode function: 2_2_00007FFD9392E260 CRYPTO_free,2_2_00007FFD9392E260
    Source: C:\Users\user\Desktop\7EznMik8Fw.exeCode function: 2_2_00007FFD938E1401 CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,CRYPTO_free,2_2_00007FFD938E1401
    Source: C:\Users\user\Desktop\7EznMik8Fw.exeCode function: 2_2_00007FFD938E2180 ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_PKEY_get1_encoded_public_key,CRYPTO_free,ERR_new,ERR_new,ERR_set_debug,EVP_PKEY_free,CRYPTO_free,ERR_new,ERR_set_debug,2_2_00007FFD938E2180
    Source: C:\Users\user\Desktop\7EznMik8Fw.exeCode function: 2_2_00007FFD9395A2C0 ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_malloc,ERR_new,ERR_set_debug,EVP_PKEY_CTX_new_from_pkey,ERR_new,ERR_set_debug,EVP_PKEY_decrypt_init,EVP_PKEY_CTX_set_rsa_padding,OSSL_PARAM_construct_uint,OSSL_PARAM_construct_end,EVP_PKEY_CTX_set_params,EVP_PKEY_decrypt,OPENSSL_cleanse,ERR_new,ERR_new,ERR_new,ERR_set_debug,CRYPTO_free,EVP_PKEY_CTX_free,2_2_00007FFD9395A2C0
    Source: C:\Users\user\Desktop\7EznMik8Fw.exeCode function: 2_2_00007FFD9392E200 CRYPTO_free,2_2_00007FFD9392E200
    Source: C:\Users\user\Desktop\7EznMik8Fw.exeCode function: 2_2_00007FFD938F21F0 CRYPTO_THREAD_run_once,2_2_00007FFD938F21F0
    Source: C:\Users\user\Desktop\7EznMik8Fw.exeCode function: 2_2_00007FFD938E1389 CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_set_error,2_2_00007FFD938E1389
    Source: C:\Users\user\Desktop\7EznMik8Fw.exeCode function: 2_2_00007FFD938FE227 CRYPTO_THREAD_write_lock,2_2_00007FFD938FE227
    Source: C:\Users\user\Desktop\7EznMik8Fw.exeCode function: 2_2_00007FFD93924230 CRYPTO_malloc,memset,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,ERR_new,ERR_set_debug,2_2_00007FFD93924230
    Source: C:\Users\user\Desktop\7EznMik8Fw.exeCode function: 2_2_00007FFD93922230 ERR_new,ERR_set_debug,BN_num_bits,CRYPTO_malloc,ERR_new,ERR_set_debug,BN_bn2bin,ERR_new,ERR_set_debug,BN_clear_free,BN_clear_free,CRYPTO_clear_free,ERR_new,ERR_set_debug,BN_clear_free,BN_clear_free,BN_clear_free,2_2_00007FFD93922230
    Source: C:\Users\user\Desktop\7EznMik8Fw.exeCode function: 2_2_00007FFD938E198D CRYPTO_THREAD_write_lock,CRYPTO_THREAD_unlock,2_2_00007FFD938E198D
    Source: C:\Users\user\Desktop\7EznMik8Fw.exeCode function: 2_2_00007FFD939021C0 ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_zalloc,CRYPTO_THREAD_lock_new,CRYPTO_free,ERR_new,ERR_set_debug,ERR_set_error,OPENSSL_sk_dup,X509_VERIFY_PARAM_new,X509_VERIFY_PARAM_inherit,CRYPTO_memdup,CRYPTO_memdup,CRYPTO_malloc,memcpy,CRYPTO_new_ex_data,2_2_00007FFD939021C0
    Source: C:\Users\user\Desktop\7EznMik8Fw.exeCode function: 2_2_00007FFD93944110 ERR_new,ERR_set_debug,X509_get0_pubkey,ERR_new,ERR_set_debug,CRYPTO_malloc,ERR_new,ERR_set_debug,RAND_bytes_ex,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_PKEY_CTX_new_from_pkey,EVP_PKEY_encrypt_init,EVP_PKEY_encrypt,EVP_PKEY_encrypt,EVP_PKEY_CTX_free,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_clear_free,EVP_PKEY_CTX_free,2_2_00007FFD93944110
    Source: C:\Users\user\Desktop\7EznMik8Fw.exeCode function: 2_2_00007FFD938E24C8 CRYPTO_free,CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_set_error,memcpy,2_2_00007FFD938E24C8
    Source: C:\Users\user\Desktop\7EznMik8Fw.exeCode function: 2_2_00007FFD938E26DF BIO_s_file,BIO_new,ERR_new,ERR_set_debug,BIO_ctrl,ERR_new,ERR_set_debug,strncmp,ERR_new,ERR_set_debug,strncmp,CRYPTO_realloc,memcpy,CRYPTO_free,CRYPTO_free,CRYPTO_free,PEM_read_bio,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,BIO_free,2_2_00007FFD938E26DF
    Source: C:\Users\user\Desktop\7EznMik8Fw.exeCode function: 2_2_00007FFD938E1140 CRYPTO_free,2_2_00007FFD938E1140
    Source: C:\Users\user\Desktop\7EznMik8Fw.exeCode function: 2_2_00007FFD938E1AB4 CRYPTO_free,CRYPTO_free,CRYPTO_free,ERR_new,ERR_set_debug,CRYPTO_free,ERR_new,ERR_set_debug,ERR_new,CRYPTO_free,CRYPTO_memdup,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_new,ERR_set_debug,2_2_00007FFD938E1AB4
    Source: C:\Users\user\Desktop\7EznMik8Fw.exeCode function: 2_2_00007FFD9392E0C1 CRYPTO_free,CRYPTO_free,2_2_00007FFD9392E0C1
    Source: C:\Users\user\Desktop\7EznMik8Fw.exeCode function: 2_2_00007FFD939380A0 CRYPTO_free,CRYPTO_memdup,2_2_00007FFD939380A0
    Source: C:\Users\user\Desktop\7EznMik8Fw.exeCode function: 2_2_00007FFD938E1893 ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_strdup,ERR_new,ERR_set_debug,2_2_00007FFD938E1893
    Source: C:\Users\user\Desktop\7EznMik8Fw.exeCode function: 2_2_00007FFD938E136B ERR_new,ERR_set_debug,CRYPTO_THREAD_read_lock,CRYPTO_THREAD_unlock,ERR_new,ERR_set_debug,CRYPTO_THREAD_unlock,CRYPTO_THREAD_unlock,memset,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,2_2_00007FFD938E136B
    Source: C:\Users\user\Desktop\7EznMik8Fw.exeCode function: 2_2_00007FFD93954809 CRYPTO_free,CRYPTO_memdup,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,2_2_00007FFD93954809
    Source: C:\Users\user\Desktop\7EznMik8Fw.exeCode function: 2_2_00007FFD938F47F0 i2d_X509_NAME,i2d_X509_NAME,memcmp,CRYPTO_free,CRYPTO_free,2_2_00007FFD938F47F0
    Source: C:\Users\user\Desktop\7EznMik8Fw.exeCode function: 2_2_00007FFD93928810 CRYPTO_malloc,CRYPTO_free,CRYPTO_malloc,ERR_new,ERR_set_debug,2_2_00007FFD93928810
    Source: C:\Users\user\Desktop\7EznMik8Fw.exeCode function: 2_2_00007FFD938F4790 CRYPTO_get_ex_new_index,2_2_00007FFD938F4790
    Source: C:\Users\user\Desktop\7EznMik8Fw.exeCode function: 2_2_00007FFD9395A770 BN_bin2bn,ERR_new,ERR_set_debug,CRYPTO_free,CRYPTO_strdup,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,2_2_00007FFD9395A770
    Source: C:\Users\user\Desktop\7EznMik8Fw.exeCode function: 2_2_00007FFD938E17DF ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_realloc,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_realloc,ERR_new,ERR_set_debug,ERR_set_error,2_2_00007FFD938E17DF
    Source: C:\Users\user\Desktop\7EznMik8Fw.exeCode function: 2_2_00007FFD93940700 ERR_new,ERR_set_debug,CRYPTO_clear_free,2_2_00007FFD93940700
    Source: C:\Users\user\Desktop\7EznMik8Fw.exeCode function: 2_2_00007FFD939466E0 CRYPTO_free,ERR_new,ERR_set_debug,CRYPTO_free,2_2_00007FFD939466E0
    Source: C:\Users\user\Desktop\7EznMik8Fw.exeCode function: 2_2_00007FFD939526E0 CRYPTO_malloc,ERR_new,ERR_set_debug,EVP_CIPHER_CTX_new,ERR_new,ERR_new,ERR_new,ERR_set_debug,EVP_CIPHER_fetch,EVP_CIPHER_get_iv_length,RAND_bytes_ex,EVP_CIPHER_free,EVP_EncryptUpdate,EVP_EncryptFinal,ERR_new,ERR_new,ERR_new,ERR_set_debug,EVP_CIPHER_CTX_get_iv_length,ERR_new,ERR_new,CRYPTO_free,EVP_CIPHER_CTX_free,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,CRYPTO_free,EVP_CIPHER_CTX_free,2_2_00007FFD939526E0
    Source: C:\Users\user\Desktop\7EznMik8Fw.exeCode function: 2_2_00007FFD938E1CA3 CRYPTO_strdup,CRYPTO_free,2_2_00007FFD938E1CA3
    Source: C:\Users\user\Desktop\7EznMik8Fw.exeCode function: 2_2_00007FFD938E1771 CRYPTO_free,2_2_00007FFD938E1771
    Source: C:\Users\user\Desktop\7EznMik8Fw.exeCode function: 2_2_00007FFD938E22D4 CRYPTO_malloc,CONF_parse_list,CRYPTO_memdup,CRYPTO_free,CRYPTO_free,2_2_00007FFD938E22D4
    Source: C:\Users\user\Desktop\7EznMik8Fw.exeCode function: 2_2_00007FFD93906758 CRYPTO_malloc,ERR_new,ERR_set_debug,CRYPTO_clear_free,OPENSSL_LH_num_items,OPENSSL_LH_num_items,2_2_00007FFD93906758
    Source: C:\Users\user\Desktop\7EznMik8Fw.exeCode function: 2_2_00007FFD938E17E9 ERR_new,ERR_set_debug,CRYPTO_free,CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_new,memcmp,ERR_new,CRYPTO_memdup,ERR_new,ERR_new,ERR_set_debug,2_2_00007FFD938E17E9
    Source: C:\Users\user\Desktop\7EznMik8Fw.exeCode function: 2_2_00007FFD938E14CE CRYPTO_free,CRYPTO_free,CRYPTO_memdup,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,2_2_00007FFD938E14CE
    Source: C:\Users\user\Desktop\7EznMik8Fw.exeCode function: 2_2_00007FFD939286D0 OPENSSL_cleanse,CRYPTO_free,2_2_00007FFD939286D0
    Source: C:\Users\user\Desktop\7EznMik8Fw.exeCode function: 2_2_00007FFD938E26AD ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,CRYPTO_strdup,2_2_00007FFD938E26AD
    Source: C:\Users\user\Desktop\7EznMik8Fw.exeCode function: 2_2_00007FFD9390E5E0 CRYPTO_THREAD_write_lock,OPENSSL_LH_retrieve,OPENSSL_LH_delete,CRYPTO_THREAD_unlock,2_2_00007FFD9390E5E0
    Source: 7EznMik8Fw.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
    Source: Binary string: api-ms-win-crt-locale-l1-1-0.pdb source: api-ms-win-crt-locale-l1-1-0.dll.0.dr
    Source: Binary string: api-ms-win-crt-runtime-l1-1-0.pdb source: api-ms-win-crt-runtime-l1-1-0.dll.0.dr
    Source: Binary string: api-ms-win-core-file-l1-2-0.pdb source: 7EznMik8Fw.exe, 00000000.00000003.2137179563.00000231371E7000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-file-l1-2-0.dll.0.dr
    Source: Binary string: ucrtbase.pdb source: 7EznMik8Fw.exe, 00000002.00000002.3407592347.00007FFDA3495000.00000002.00000001.01000000.00000004.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\_decimal.pdb source: _decimal.pyd.0.dr
    Source: Binary string: api-ms-win-core-debug-l1-1-0.pdb source: 7EznMik8Fw.exe, 00000000.00000003.2136885594.00000231371E7000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: api-ms-win-core-sysinfo-l1-1-0.pdb source: api-ms-win-core-sysinfo-l1-1-0.dll.0.dr
    Source: Binary string: api-ms-win-crt-filesystem-l1-1-0.pdb source: api-ms-win-crt-filesystem-l1-1-0.dll.0.dr
    Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC source: 7EznMik8Fw.exe, 00000002.00000002.3401529100.00007FFD93003000.00000002.00000001.01000000.00000020.sdmp
    Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG" source: 7EznMik8Fw.exe, 00000002.00000002.3403076331.00007FFD93D59000.00000002.00000001.01000000.00000013.sdmp
    Source: Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-312\Release\win32api.pdb source: win32api.pyd.0.dr
    Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdbGCTL source: 7EznMik8Fw.exe, 00000000.00000003.2134345969.00000231371E7000.00000004.00000020.00020000.00000000.sdmp, 7EznMik8Fw.exe, 00000002.00000002.3409004585.00007FFDA54F3000.00000002.00000001.01000000.00000006.sdmp, VCRUNTIME140.dll.0.dr
    Source: Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-312\Release\pywintypes.pdb** source: 7EznMik8Fw.exe, 00000002.00000002.3405240890.00007FFD9DB60000.00000002.00000001.01000000.0000001E.sdmp, pywintypes312.dll.0.dr
    Source: Binary string: D:\a\1\b\bin\amd64\_multiprocessing.pdb source: 7EznMik8Fw.exe, 00000000.00000003.2135841119.00000231371E7000.00000004.00000020.00020000.00000000.sdmp, _multiprocessing.pyd.0.dr
    Source: Binary string: api-ms-win-core-heap-l1-1-0.pdb source: 7EznMik8Fw.exe, 00000000.00000003.2137495911.00000231371E7000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-heap-l1-1-0.dll.0.dr
    Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb source: 7EznMik8Fw.exe, 00000000.00000003.2134498631.00000231371E7000.00000004.00000020.00020000.00000000.sdmp, 7EznMik8Fw.exe, 00000002.00000002.3407986191.00007FFDA3FD5000.00000002.00000001.01000000.0000001F.sdmp
    Source: Binary string: api-ms-win-core-util-l1-1-0.pdb source: api-ms-win-core-util-l1-1-0.dll.0.dr
    Source: Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-312\Release\pywintypes.pdb source: 7EznMik8Fw.exe, 00000002.00000002.3405240890.00007FFD9DB60000.00000002.00000001.01000000.0000001E.sdmp, pywintypes312.dll.0.dr
    Source: Binary string: D:\a\1\b\bin\amd64\_ctypes.pdb source: 7EznMik8Fw.exe, 00000002.00000002.3408370227.00007FFDA4341000.00000002.00000001.01000000.00000008.sdmp, _ctypes.pyd.0.dr
    Source: Binary string: D:\a\1\b\bin\amd64\_hashlib.pdb source: 7EznMik8Fw.exe, 00000000.00000003.2135587857.00000231371E7000.00000004.00000020.00020000.00000000.sdmp, 7EznMik8Fw.exe, 00000002.00000002.3406579379.00007FFDA32F7000.00000002.00000001.01000000.00000017.sdmp, _hashlib.pyd.0.dr
    Source: Binary string: api-ms-win-core-errorhandling-l1-1-0.pdb source: 7EznMik8Fw.exe, 00000000.00000003.2136972048.00000231371E7000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\_decimal.pdb$$ source: _decimal.pyd.0.dr
    Source: Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-312\Release\win32crypt.pdb source: 7EznMik8Fw.exe, 00000002.00000002.3405441960.00007FFD9DED1000.00000002.00000001.01000000.0000001D.sdmp
    Source: Binary string: api-ms-win-core-console-l1-1-0.pdb source: 7EznMik8Fw.exe, 00000000.00000003.2136688085.00000231371E7000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\_asyncio.pdb source: 7EznMik8Fw.exe, 00000000.00000003.2134600948.00000231371E7000.00000004.00000020.00020000.00000000.sdmp, 7EznMik8Fw.exe, 00000002.00000002.3407707848.00007FFDA3A88000.00000002.00000001.01000000.00000014.sdmp
    Source: Binary string: api-ms-win-core-file-l1-1-0.pdb source: 7EznMik8Fw.exe, 00000000.00000003.2137037925.00000231371EE000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\pyexpat.pdb source: 7EznMik8Fw.exe, 00000002.00000002.3406691510.00007FFDA3332000.00000002.00000001.01000000.00000016.sdmp, pyexpat.pyd.0.dr
    Source: Binary string: api-ms-win-crt-convert-l1-1-0.pdb source: api-ms-win-crt-convert-l1-1-0.dll.0.dr
    Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdb source: 7EznMik8Fw.exe, 00000000.00000003.2135711838.00000231371E7000.00000004.00000020.00020000.00000000.sdmp, 7EznMik8Fw.exe, 00000002.00000002.3407437647.00007FFDA33CC000.00000002.00000001.01000000.0000000B.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\_bz2.pdb source: 7EznMik8Fw.exe, 00000000.00000003.2134732279.00000231371E7000.00000004.00000020.00020000.00000000.sdmp, 7EznMik8Fw.exe, 00000002.00000002.3408082976.00007FFDA416D000.00000002.00000001.01000000.0000000A.sdmp
    Source: Binary string: ucrtbase.pdbUGP source: 7EznMik8Fw.exe, 00000002.00000002.3407592347.00007FFDA3495000.00000002.00000001.01000000.00000004.sdmp
    Source: Binary string: api-ms-win-core-profile-l1-1-0.pdb source: api-ms-win-core-profile-l1-1-0.dll.0.dr
    Source: Binary string: D:\a\1\b\bin\amd64\_socket.pdb source: 7EznMik8Fw.exe, 00000000.00000003.2136114206.00000231371E7000.00000004.00000020.00020000.00000000.sdmp, 7EznMik8Fw.exe, 00000002.00000002.3407816302.00007FFDA3AE9000.00000002.00000001.01000000.0000000D.sdmp, _socket.pyd.0.dr
    Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdbGCTL source: 7EznMik8Fw.exe, 00000000.00000003.2134498631.00000231371E7000.00000004.00000020.00020000.00000000.sdmp, 7EznMik8Fw.exe, 00000002.00000002.3407986191.00007FFDA3FD5000.00000002.00000001.01000000.0000001F.sdmp
    Source: Binary string: X509_SIGPKCS8_encrypt_excrypto\pkcs12\p12_p8e.cPKCS8_set0_pbe_excompiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC;CPUINFO: OPENSSL_ia32cap=0x%llx:0x%llxOPENSSL_ia32cap env:%sos-specific.dllCPUINFO: crypto\initthread.cOPENSSL_ia32cap source: 7EznMik8Fw.exe, 00000002.00000002.3401529100.00007FFD93003000.00000002.00000001.01000000.00000020.sdmp
    Source: Binary string: api-ms-win-crt-time-l1-1-0.pdb source: api-ms-win-crt-time-l1-1-0.dll.0.dr
    Source: Binary string: D:\a\1\b\bin\amd64\python312.pdb source: 7EznMik8Fw.exe, 00000002.00000002.3403635102.00007FFD942B4000.00000002.00000001.01000000.00000005.sdmp
    Source: Binary string: api-ms-win-core-handle-l1-1-0.pdb source: 7EznMik8Fw.exe, 00000000.00000003.2137382808.00000231371E7000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\unicodedata.pdb source: 7EznMik8Fw.exe, 00000002.00000002.3402126884.00007FFD938CF000.00000002.00000001.01000000.0000001A.sdmp
    Source: Binary string: D:\a\1\b\libcrypto-3.pdb| source: 7EznMik8Fw.exe, 00000002.00000002.3403076331.00007FFD93DF1000.00000002.00000001.01000000.00000013.sdmp
    Source: Binary string: D:\a\1\b\libssl-3.pdbDD source: 7EznMik8Fw.exe, 00000002.00000002.3402499141.00007FFD93964000.00000002.00000001.01000000.00000012.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\_overlapped.pdb source: 7EznMik8Fw.exe, 00000000.00000003.2135930497.00000231371E7000.00000004.00000020.00020000.00000000.sdmp, 7EznMik8Fw.exe, 00000002.00000002.3408592458.00007FFDA46D6000.00000002.00000001.01000000.00000015.sdmp
    Source: Binary string: api-ms-win-core-datetime-l1-1-0.pdb source: 7EznMik8Fw.exe, 00000000.00000003.2136788028.00000231371E7000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-datetime-l1-1-0.dll.0.dr
    Source: Binary string: api-ms-win-crt-conio-l1-1-0.pdb source: api-ms-win-crt-conio-l1-1-0.dll.0.dr
    Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: 7EznMik8Fw.exe, 00000000.00000003.2134345969.00000231371E7000.00000004.00000020.00020000.00000000.sdmp, 7EznMik8Fw.exe, 00000002.00000002.3409004585.00007FFDA54F3000.00000002.00000001.01000000.00000006.sdmp, VCRUNTIME140.dll.0.dr
    Source: Binary string: D:\a\1\b\bin\amd64\sqlite3.pdb source: 7EznMik8Fw.exe, 00000002.00000002.3402002576.00007FFD9377C000.00000002.00000001.01000000.0000001C.sdmp
    Source: Binary string: D:\a\1\b\libcrypto-3.pdb source: 7EznMik8Fw.exe, 00000002.00000002.3403076331.00007FFD93DF1000.00000002.00000001.01000000.00000013.sdmp
    Source: Binary string: api-ms-win-core-localization-l1-2-0.pdb source: api-ms-win-core-localization-l1-2-0.dll.0.dr
    Source: Binary string: api-ms-win-crt-math-l1-1-0.pdb source: api-ms-win-crt-math-l1-1-0.dll.0.dr
    Source: Binary string: api-ms-win-core-processthreads-l1-1-1.pdb source: api-ms-win-core-processthreads-l1-1-1.dll.0.dr
    Source: Binary string: D:\a\1\b\bin\amd64\select.pdb source: 7EznMik8Fw.exe, 00000002.00000002.3408809556.00007FFDA5493000.00000002.00000001.01000000.0000000E.sdmp, select.pyd.0.dr
    Source: Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-312\Release\win32api.pdb!! source: win32api.pyd.0.dr
    Source: Binary string: api-ms-win-core-rtlsupport-l1-1-0.pdb source: api-ms-win-core-rtlsupport-l1-1-0.dll.0.dr
    Source: Binary string: api-ms-win-core-file-l2-1-0.pdb source: 7EznMik8Fw.exe, 00000000.00000003.2137279314.00000231371E7000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdbNN source: 7EznMik8Fw.exe, 00000000.00000003.2135711838.00000231371E7000.00000004.00000020.00020000.00000000.sdmp, 7EznMik8Fw.exe, 00000002.00000002.3407437647.00007FFDA33CC000.00000002.00000001.01000000.0000000B.sdmp
    Source: Binary string: api-ms-win-crt-process-l1-1-0.pdb source: api-ms-win-crt-process-l1-1-0.dll.0.dr
    Source: Binary string: crypto\stack\stack.cOPENSSL_sk_dupOPENSSL_sk_deep_copysk_reserveOPENSSL_sk_new_reserveOPENSSL_sk_reserveOPENSSL_sk_insertOPENSSL_sk_seti=%dcompiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC3.1.4built on: Fri Nov 24 00:12:45 2023 UTCplatform: VC-WIN64AOPENSSLDIR: "C:\Program Files\Common Files\SSL"userSDIR: "C:\Program Files\OpenSSL\lib\users-3"MODULESDIR: "C:\Program Files\OpenSSL\lib\ossl-modules"CPUINFO: N/Anot availablecrypto\init.cOPENSSL_init_cryptoOPENSSL_atexitcrypto\bio\bio_lib.cBIO_new_exbio_read_internbio_write_internBIO_putsBIO_getsBIO_get_line BIO_ctrlBIO_callback_ctrlBIO_find_type source: 7EznMik8Fw.exe, 00000002.00000002.3401529100.00007FFD93003000.00000002.00000001.01000000.00000020.sdmp
    Source: Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-312\Release\win32crypt.pdb!! source: 7EznMik8Fw.exe, 00000002.00000002.3405441960.00007FFD9DED1000.00000002.00000001.01000000.0000001D.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\_queue.pdb source: 7EznMik8Fw.exe, 00000000.00000003.2136028430.00000231371E7000.00000004.00000020.00020000.00000000.sdmp, 7EznMik8Fw.exe, 00000002.00000002.3408703644.00007FFDA4DA3000.00000002.00000001.01000000.0000000F.sdmp
    Source: Binary string: C:\Users\runneradmin\AppData\Local\Temp\pip-req-build-7t032bmh\src\rust\target\release\deps\cryptography_rust.pdbcQ source: 7EznMik8Fw.exe, 00000002.00000002.3401529100.00007FFD93003000.00000002.00000001.01000000.00000020.sdmp
    Source: Binary string: C:\Users\runneradmin\AppData\Local\Temp\pip-req-build-7t032bmh\src\rust\target\release\deps\cryptography_rust.pdb source: 7EznMik8Fw.exe, 00000002.00000002.3401529100.00007FFD93003000.00000002.00000001.01000000.00000020.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\_wmi.pdb source: 7EznMik8Fw.exe, 00000000.00000003.2136577351.00000231371E7000.00000004.00000020.00020000.00000000.sdmp, 7EznMik8Fw.exe, 00000002.00000002.3408904961.00007FFDA54B4000.00000002.00000001.01000000.0000000C.sdmp, _wmi.pyd.0.dr
    Source: Binary string: api-ms-win-core-interlocked-l1-1-0.pdb source: api-ms-win-core-interlocked-l1-1-0.dll.0.dr
    Source: Binary string: D:\a\1\b\bin\amd64\_wmi.pdb''&GCTL source: 7EznMik8Fw.exe, 00000000.00000003.2136577351.00000231371E7000.00000004.00000020.00020000.00000000.sdmp, 7EznMik8Fw.exe, 00000002.00000002.3408904961.00007FFDA54B4000.00000002.00000001.01000000.0000000C.sdmp, _wmi.pyd.0.dr
    Source: Binary string: D:\a\1\b\bin\amd64\_sqlite3.pdb source: 7EznMik8Fw.exe, 00000002.00000002.3406460673.00007FFDA2E9F000.00000002.00000001.01000000.0000001B.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\python3.pdb source: 7EznMik8Fw.exe, 00000002.00000002.3397430893.00000276F9CD0000.00000002.00000001.01000000.00000007.sdmp
    Source: Binary string: D:\a\1\b\libssl-3.pdb source: 7EznMik8Fw.exe, 00000002.00000002.3402499141.00007FFD93964000.00000002.00000001.01000000.00000012.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\_ssl.pdb source: 7EznMik8Fw.exe, 00000002.00000002.3407293756.00007FFDA335D000.00000002.00000001.01000000.00000011.sdmp, _ssl.pyd.0.dr
    Source: C:\Users\user\Desktop\7EznMik8Fw.exeCode function: 0_2_00007FF682E97E4C _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError,0_2_00007FF682E97E4C
    Source: C:\Users\user\Desktop\7EznMik8Fw.exeCode function: 0_2_00007FF682E888D0 FindFirstFileExW,FindClose,0_2_00007FF682E888D0
    Source: C:\Users\user\Desktop\7EznMik8Fw.exeCode function: 0_2_00007FF682EA1EE4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,0_2_00007FF682EA1EE4
    Source: C:\Users\user\Desktop\7EznMik8Fw.exeCode function: 2_2_00007FFD93632E70 memset,PyList_New,SetErrorMode,PyArg_ParseTuple,PyObject_IsTrue,PyEval_SaveThread,GetLogicalDriveStringsA,PyEval_RestoreThread,PyErr_SetFromWindowsErr,SetErrorMode,PyEval_SaveThread,GetDriveTypeA,PyEval_RestoreThread,GetVolumeInformationA,strcat_s,SetLastError,strcat_s,strcat_s,strcat_s,FindFirstVolumeMountPointA,strcpy_s,strcat_s,Py_BuildValue,PyList_Append,_Py_Dealloc,FindNextVolumeMountPointA,FindVolumeMountPointClose,strcat_s,strcat_s,Py_BuildValue,PyList_Append,_Py_Dealloc,strchr,SetErrorMode,FindVolumeMountPointClose,SetErrorMode,_Py_Dealloc,_Py_Dealloc,2_2_00007FFD93632E70
    Source: Joe Sandbox View IP Address: 34.224.200.202 34.224.200.202
    Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: global traffic DNS traffic detected: DNS query: httpbin.org
    Source: 7EznMik8Fw.exe, 00000002.00000002.3400092589.00000276FB7C0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://.../back.jpeg
    Source: 7EznMik8Fw.exe, 00000002.00000002.3398809969.00000276FA960000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://aka.ms/vcpython27
    Source: 7EznMik8Fw.exe, 00000000.00000003.2135413913.00000231371E7000.00000004.00000020.00020000.00000000.sdmp, 7EznMik8Fw.exe, 00000000.00000003.2134732279.00000231371E7000.00000004.00000020.00020000.00000000.sdmp, 7EznMik8Fw.exe, 00000000.00000003.2135587857.00000231371E7000.00000004.00000020.00020000.00000000.sdmp, 7EznMik8Fw.exe, 00000000.00000003.2134600948.00000231371E7000.00000004.00000020.00020000.00000000.sdmp, 7EznMik8Fw.exe, 00000000.00000003.2136577351.00000231371E7000.00000004.00000020.00020000.00000000.sdmp, 7EznMik8Fw.exe, 00000000.00000003.2135930497.00000231371E7000.00000004.00000020.00020000.00000000.sdmp, 7EznMik8Fw.exe, 00000000.00000003.2135243184.00000231371E7000.00000004.00000020.00020000.00000000.sdmp, 7EznMik8Fw.exe, 00000000.00000003.2136028430.00000231371E7000.00000004.00000020.00020000.00000000.sdmp, 7EznMik8Fw.exe, 00000000.00000003.2136414995.00000231371E7000.00000004.00000020.00020000.00000000.sdmp, 7EznMik8Fw.exe, 00000000.00000003.2136247673.00000231371E7000.00000004.00000020.00020000.00000000.sdmp, 7EznMik8Fw.exe, 00000000.00000003.2135711838.00000231371E7000.00000004.00000020.00020000.00000000.sdmp, 7EznMik8Fw.exe, 00000000.00000003.2136114206.00000231371E7000.00000004.00000020.00020000.00000000.sdmp, 7EznMik8Fw.exe, 00000000.00000003.2135841119.00000231371E7000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.dr, _wmi.pyd.0.dr, _decimal.pyd.0.dr, libffi-8.dll.0.dr, _socket.pyd.0.dr, _ssl.pyd.0.dr, pyexpat.pyd.0.dr, _ctypes.pyd.0.drString found in binary or memory: http://www.digicert.com/CPS0
    Source: 7EznMik8Fw.exe, 00000002.00000002.3397928807.00000276FA415000.00000004.00000020.00020000.00000000.sdmp, 7EznMik8Fw.exe, 00000002.00000002.3397928807.00000276FA330000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.firmaprofesional.com/cps0
    Source: 7EznMik8Fw.exe, 00000002.00000002.3397928807.00000276FA220000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-6
    Source: 7EznMik8Fw.exe, 00000002.00000002.3399385291.00000276FB0EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.quovadisglobal.com/cps
    Source: 7EznMik8Fw.exe, 00000002.00000002.3397928807.00000276FA2B1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.quovadisglobal.com/cps0
    Source: 7EznMik8Fw.exe, 00000002.00000002.3397928807.00000276FA220000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.rfc-editor.org/info/rfc7253
    Source: 7EznMik8Fw.exe, 00000002.00000002.3398450388.00000276FA60D000.00000004.00000020.00020000.00000000.sdmp, 7EznMik8Fw.exe, 00000002.00000002.3397928807.00000276FA220000.00000004.00000020.00020000.00000000.sdmp, 7EznMik8Fw.exe, 00000002.00000003.2172635006.00000276FA60D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.tarsnap.com/scrypt/scrypt-slides.pdf
    Source: 7EznMik8Fw.exe, 00000002.00000003.2172017054.00000276FA5AF000.00000004.00000020.00020000.00000000.sdmp, 7EznMik8Fw.exe, 00000002.00000002.3397928807.00000276FA5AF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://wwwsearch.sf.net/):
    Source: 7EznMik8Fw.exe, 00000002.00000002.3399132005.00000276FADC0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org/bot
    Source: 7EznMik8Fw.exe, 00000002.00000003.2172017054.00000276FA4DB000.00000004.00000020.00020000.00000000.sdmp, 7EznMik8Fw.exe, 00000002.00000002.3397928807.00000276FA4DB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org/botz
    Source: 7EznMik8Fw.exe, 00000002.00000002.3397836333.00000276FA120000.00000004.00001000.00020000.00000000.sdmp, 7EznMik8Fw.exe, 00000002.00000002.3398543024.00000276FA620000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://bugs.python.org/issue44497.
    Source: 7EznMik8Fw.exe, 00000002.00000002.3399038264.00000276FACC0000.00000004.00001000.00020000.00000000.sdmp, 7EznMik8Fw.exe, 00000002.00000003.2172017054.00000276FA4DB000.00000004.00000020.00020000.00000000.sdmp, 7EznMik8Fw.exe, 00000002.00000002.3397928807.00000276FA4DB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://busquedasxurl.com/login/conexion/bloqueadoreslogs.php?ip=
    Source: 7EznMik8Fw.exe, 00000002.00000002.3399038264.00000276FACC0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://busquedasxurl.com/login/conexion/bloqueadoreslogs.php?ip=yy
    Source: 7EznMik8Fw.exe, 00000002.00000002.3400184149.00000276FB8F0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://busquedasxurl.com/login/conexion/recibidor.php
    Source: 7EznMik8Fw.exe, 00000002.00000002.3405122309.00007FFD9DA3D000.00000002.00000001.01000000.00000021.sdmpString found in binary or memory: https://cffi.readthedocs.io/en/latest/using.html#callbacks
    Source: METADATA.0.drString found in binary or memory: https://cryptography.io
    Source: METADATA.0.drString found in binary or memory: https://cryptography.io/
    Source: METADATA.0.drString found in binary or memory: https://cryptography.io/en/latest/changelog/
    Source: 7EznMik8Fw.exe, 00000002.00000002.3401529100.00007FFD93003000.00000002.00000001.01000000.00000020.sdmpString found in binary or memory: https://cryptography.io/en/latest/faq/#why-can-t-i-import-my-pem-file
    Source: METADATA.0.drString found in binary or memory: https://cryptography.io/en/latest/installation/
    Source: METADATA.0.drString found in binary or memory: https://cryptography.io/en/latest/security/
    Source: 7EznMik8Fw.exe, 00000002.00000002.3397928807.00000276FA220000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3.11/library/binascii.html#binascii.a2b_base64
    Source: 7EznMik8Fw.exe, 00000002.00000002.3397548789.00000276F9F32000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/multiprocessing.html
    Source: 7EznMik8Fw.exe, 00000002.00000002.3400092589.00000276FB7C0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/socket.html#socket.socket.connect_ex
    Source: 7EznMik8Fw.exe, 00000002.00000002.3400092589.00000276FB7C0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://foss.heptapod.net/pypy/pypy/-/issues/3539
    Source: 7EznMik8Fw.exe, 00000002.00000002.3399995307.00000276FB6C0000.00000004.00001000.00020000.00000000.sdmp, 7EznMik8Fw.exe, 00000002.00000002.3398629405.00000276FA730000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://gist.github.com/lyssdod/f51579ae8d93c8657a5564aefc2ffbca
    Source: 7EznMik8Fw.exe, 00000002.00000003.2172773300.00000276FAEFB000.00000004.00000020.00020000.00000000.sdmp, 7EznMik8Fw.exe, 00000002.00000002.3399224716.00000276FAEFB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/Ousret/charset_normalizer
    Source: 7EznMik8Fw.exe, 00000002.00000003.2160128430.00000276F99C1000.00000004.00000020.00020000.00000000.sdmp, 7EznMik8Fw.exe, 00000002.00000002.3397240579.00000276F9990000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/Unidata/MetPy/blob/a3424de66a44bf3a92b0dcacf4dff82ad7b86712/src/metpy/plots/wx_sy
    Source: 7EznMik8Fw.exe, 00000002.00000002.3400510290.00000276FBB74000.00000004.00001000.00020000.00000000.sdmp, 7EznMik8Fw.exe, 00000002.00000002.3399385291.00000276FB03A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/giampaolo/psutil/issues/875.
    Source: 7EznMik8Fw.exe, 00000002.00000002.3398629405.00000276FA730000.00000004.00001000.00020000.00000000.sdmp, 7EznMik8Fw.exe, 00000002.00000002.3399132005.00000276FADC0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/jaraco/jaraco.functools/issues/5
    Source: 7EznMik8Fw.exe, 00000000.00000002.3396823044.00000231371F4000.00000004.00000020.00020000.00000000.sdmp, 7EznMik8Fw.exe, 00000002.00000002.3405282264.00007FFD9DB71000.00000002.00000001.01000000.0000001E.sdmp, 7EznMik8Fw.exe, 00000002.00000002.3405492476.00007FFD9DEDE000.00000002.00000001.01000000.0000001D.sdmp, win32api.pyd.0.dr, pywintypes312.dll.0.drString found in binary or memory: https://github.com/mhammond/pywin32
    Source: 7EznMik8Fw.exe, 00000002.00000002.3399132005.00000276FADC0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/platformdirs/platformdirs
    Source: METADATA.0.drString found in binary or memory: https://github.com/pyca/cryptography
    Source: METADATA.0.drString found in binary or memory: https://github.com/pyca/cryptography/
    Source: METADATA.0.drString found in binary or memory: https://github.com/pyca/cryptography/actions?query=workflow%3ACI
    Source: METADATA.0.drString found in binary or memory: https://github.com/pyca/cryptography/issues
    Source: 7EznMik8Fw.exe, 00000002.00000002.3401529100.00007FFD93003000.00000002.00000001.01000000.00000020.sdmpString found in binary or memory: https://github.com/pyca/cryptography/issues/8996
    Source: METADATA.0.drString found in binary or memory: https://github.com/pyca/cryptography/workflows/CI/badge.svg?branch=main
    Source: 7EznMik8Fw.exe, 00000002.00000002.3398629405.00000276FA730000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/pypa/packaging
    Source: 7EznMik8Fw.exe, 00000002.00000002.3398543024.00000276FA620000.00000004.00001000.00020000.00000000.sdmp, 7EznMik8Fw.exe, 00000002.00000003.2168303500.00000276FA2AF000.00000004.00000020.00020000.00000000.sdmp, 7EznMik8Fw.exe, 00000002.00000003.2172357597.00000276FA2A2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/pypa/setuptools/issues/1024.
    Source: 7EznMik8Fw.exe, 00000002.00000002.3397454008.00000276F9D00000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/pypa/setuptools/issues/417#issuecomment-392298401
    Source: 7EznMik8Fw.exe, 00000002.00000002.3397104151.00000276F98FC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/3.9/Lib/importlib/_bootstrap_external.py#L679-L688
    Source: 7EznMik8Fw.exe, 00000002.00000002.3397240579.00000276F9990000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/abc.py
    Source: 7EznMik8Fw.exe, 00000002.00000003.2160128430.00000276F99C1000.00000004.00000020.00020000.00000000.sdmp, 7EznMik8Fw.exe, 00000002.00000002.3397240579.00000276F9990000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/reader
    Source: 7EznMik8Fw.exe, 00000002.00000003.2162778218.00000276F9F8C000.00000004.00000020.00020000.00000000.sdmp, 7EznMik8Fw.exe, 00000002.00000003.2162306851.00000276F9F54000.00000004.00000020.00020000.00000000.sdmp, 7EznMik8Fw.exe, 00000002.00000002.3397548789.00000276F9F32000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/issues/86361.
    Source: 7EznMik8Fw.exe, 00000002.00000002.3398543024.00000276FA620000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/importlib_metadata/issues/396
    Source: 7EznMik8Fw.exe, 00000002.00000003.2160128430.00000276F99C1000.00000004.00000020.00020000.00000000.sdmp, 7EznMik8Fw.exe, 00000002.00000002.3397240579.00000276F9990000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/tensorflow/datasets/blob/master/tensorflow_datasets/core/utils/resource_utils.py#
    Source: 7EznMik8Fw.exe, 00000002.00000002.3400092589.00000276FB7C0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/urllib3/urllib3/issues/2192#issuecomment-821832963
    Source: 7EznMik8Fw.exe, 00000002.00000003.2172773300.00000276FAEFB000.00000004.00000020.00020000.00000000.sdmp, 7EznMik8Fw.exe, 00000002.00000002.3399224716.00000276FAEFB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/urllib3/urllib3/issues/2513#issuecomment-1152559900.
    Source: 7EznMik8Fw.exe, 00000002.00000002.3399995307.00000276FB6C0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/urllib3/urllib3/issues/2920
    Source: 7EznMik8Fw.exe, 00000002.00000003.2172773300.00000276FAEFB000.00000004.00000020.00020000.00000000.sdmp, 7EznMik8Fw.exe, 00000002.00000003.2172357597.00000276FA42C000.00000004.00000020.00020000.00000000.sdmp, 7EznMik8Fw.exe, 00000002.00000002.3397928807.00000276FA42C000.00000004.00000020.00020000.00000000.sdmp, 7EznMik8Fw.exe, 00000002.00000003.2172017054.00000276FA4DB000.00000004.00000020.00020000.00000000.sdmp, 7EznMik8Fw.exe, 00000002.00000002.3397928807.00000276FA4DB000.00000004.00000020.00020000.00000000.sdmp, 7EznMik8Fw.exe, 00000002.00000002.3399224716.00000276FAEFB000.00000004.00000020.00020000.00000000.sdmp, 7EznMik8Fw.exe, 00000002.00000002.3397240579.00000276F9990000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://google.com/
    Source: 7EznMik8Fw.exe, 00000002.00000003.2172357597.00000276FA42C000.00000004.00000020.00020000.00000000.sdmp, 7EznMik8Fw.exe, 00000002.00000002.3397928807.00000276FA42C000.00000004.00000020.00020000.00000000.sdmp, 7EznMik8Fw.exe, 00000002.00000003.2172017054.00000276FA4DB000.00000004.00000020.00020000.00000000.sdmp, 7EznMik8Fw.exe, 00000002.00000002.3397928807.00000276FA4DB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://google.com/mail
    Source: 7EznMik8Fw.exe, 00000002.00000002.3397928807.00000276FA4DB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://google.com/mail/
    Source: 7EznMik8Fw.exe, 00000002.00000002.3397928807.00000276FA220000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://html.spec.whatwg.org/multipage/
    Source: 7EznMik8Fw.exe, 00000002.00000002.3397240579.00000276F9990000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://httpbin.org/
    Source: 7EznMik8Fw.exe, 00000002.00000002.3400184149.00000276FB8C0000.00000004.00001000.00020000.00000000.sdmp, 7EznMik8Fw.exe, 00000002.00000002.3397928807.00000276FA56F000.00000004.00000020.00020000.00000000.sdmp, 7EznMik8Fw.exe, 00000002.00000002.3399224716.00000276FAEFB000.00000004.00000020.00020000.00000000.sdmp, 7EznMik8Fw.exe, 00000002.00000002.3399385291.00000276FAFB0000.00000004.00000020.00020000.00000000.sdmp, 7EznMik8Fw.exe, 00000002.00000002.3397928807.00000276FA2B1000.00000004.00000020.00020000.00000000.sdmp, 7EznMik8Fw.exe, 00000002.00000003.2172357597.00000276FA2A2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://httpbin.org/get
    Source: 7EznMik8Fw.exe, 00000002.00000002.3400510290.00000276FBC0C000.00000004.00001000.00020000.00000000.sdmp, 7EznMik8Fw.exe, 00000002.00000002.3399132005.00000276FADC0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://httpbin.org/ip
    Source: 7EznMik8Fw.exe, 00000002.00000003.2172017054.00000276FA4DB000.00000004.00000020.00020000.00000000.sdmp, 7EznMik8Fw.exe, 00000002.00000002.3397928807.00000276FA4DB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://httpbin.org/post
    Source: METADATA.0.drString found in binary or memory: https://img.shields.io/pypi/v/cryptography.svg
    Source: 7EznMik8Fw.exe, 00000002.00000002.3397836333.00000276FA120000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://importlib-resources.readthedocs.io/en/latest/using.html#migrating-from-legacy
    Source: 7EznMik8Fw.exe, 00000002.00000002.3397928807.00000276FA42C000.00000004.00000020.00020000.00000000.sdmp, 7EznMik8Fw.exe, 00000002.00000003.2172357597.00000276FA330000.00000004.00000020.00020000.00000000.sdmp, 7EznMik8Fw.exe, 00000002.00000002.3397548789.00000276F9F32000.00000004.00000020.00020000.00000000.sdmp, 7EznMik8Fw.exe, 00000002.00000002.3397928807.00000276FA330000.00000004.00000020.00020000.00000000.sdmp, 7EznMik8Fw.exe, 00000002.00000002.3397928807.00000276FA220000.00000004.00000020.00020000.00000000.sdmp, 7EznMik8Fw.exe, 00000002.00000003.2168303500.00000276FA330000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://json.org
    Source: 7EznMik8Fw.exe, 00000002.00000003.2172773300.00000276FAEFB000.00000004.00000020.00020000.00000000.sdmp, 7EznMik8Fw.exe, 00000002.00000002.3399385291.00000276FAFBB000.00000004.00000020.00020000.00000000.sdmp, 7EznMik8Fw.exe, 00000002.00000002.3399224716.00000276FAEFB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://mahler:8092/site-updates.py
    Source: METADATA.0.drString found in binary or memory: https://mail.python.org/mailman/listinfo/cryptography-dev
    Source: 7EznMik8Fw.exe, 00000002.00000002.3397928807.00000276FA220000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-108r1.pdf
    Source: 7EznMik8Fw.exe, 00000002.00000002.3398721697.00000276FA850000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://packaging.python.org/en/latest/guides/packaging-namespace-packages/.
    Source: 7EznMik8Fw.exe, 00000002.00000002.3398809969.00000276FA960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://packaging.python.org/en/latest/specifications/core-metadata/
    Source: 7EznMik8Fw.exe, 00000002.00000002.3397548789.00000276F9F32000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://packaging.python.org/en/latest/specifications/declaring-project-metadata/
    Source: 7EznMik8Fw.exe, 00000002.00000002.3398721697.00000276FA850000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://packaging.python.org/en/latest/specifications/entry-points/
    Source: 7EznMik8Fw.exe, 00000002.00000002.3397836333.00000276FA120000.00000004.00001000.00020000.00000000.sdmp, 7EznMik8Fw.exe, 00000002.00000002.3398543024.00000276FA620000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://packaging.python.org/specifications/entry-points/
    Source: 7EznMik8Fw.exe, 00000002.00000002.3397753587.00000276FA020000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://peps.python.org/pep-0205/
    Source: 7EznMik8Fw.exe, 00000002.00000002.3403635102.00007FFD942B4000.00000002.00000001.01000000.00000005.sdmpString found in binary or memory: https://peps.python.org/pep-0263/
    Source: 7EznMik8Fw.exe, 00000002.00000002.3398809969.00000276FA960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://peps.python.org/pep-0685/
    Source: 7EznMik8Fw.exe, 00000002.00000002.3398629405.00000276FA730000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://pypi.org/project/build/).
    Source: METADATA.0.drString found in binary or memory: https://pypi.org/project/cryptography/
    Source: METADATA.0.drString found in binary or memory: https://readthedocs.org/projects/cryptography/badge/?version=latest
    Source: 7EznMik8Fw.exe, 00000002.00000002.3399995307.00000276FB6C0000.00000004.00001000.00020000.00000000.sdmp, 7EznMik8Fw.exe, 00000002.00000002.3398629405.00000276FA730000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://refspecs.linuxfoundation.org/elf/gabi4
    Source: 7EznMik8Fw.exe, 00000002.00000002.3400184149.00000276FB8F0000.00000004.00001000.00020000.00000000.sdmp, 7EznMik8Fw.exe, 00000002.00000003.2172017054.00000276FA4DB000.00000004.00000020.00020000.00000000.sdmp, 7EznMik8Fw.exe, 00000002.00000002.3397928807.00000276FA4DB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://requests.readthedocs.io
    Source: 7EznMik8Fw.exe, 00000002.00000002.3398721697.00000276FA850000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://setuptools.pypa.io/en/latest/
    Source: 7EznMik8Fw.exe, 00000002.00000002.3397548789.00000276F9F32000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://setuptools.pypa.io/en/latest/pkg_resources.html#basic-resource-access
    Source: 7EznMik8Fw.exe, 00000002.00000002.3399132005.00000276FADC0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://setuptools.pypa.io/en/latest/references/keywords.html#keyword-namespace-packages
    Source: 7EznMik8Fw.exe, 00000002.00000002.3399385291.00000276FB04A000.00000004.00000020.00020000.00000000.sdmp, 7EznMik8Fw.exe, 00000002.00000002.3400510290.00000276FBB74000.00000004.00001000.00020000.00000000.sdmp, 7EznMik8Fw.exe, 00000002.00000002.3399385291.00000276FB03A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/questions/4457745#4457745.
    Source: 7EznMik8Fw.exe, 00000002.00000003.2172017054.00000276FA4DB000.00000004.00000020.00020000.00000000.sdmp, 7EznMik8Fw.exe, 00000002.00000002.3397928807.00000276FA4DB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc2388#section-4.4
    Source: 7EznMik8Fw.exe, 00000002.00000003.2172357597.00000276FA42C000.00000004.00000020.00020000.00000000.sdmp, 7EznMik8Fw.exe, 00000002.00000002.3397928807.00000276FA42C000.00000004.00000020.00020000.00000000.sdmp, 7EznMik8Fw.exe, 00000002.00000002.3397928807.00000276FA220000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc3610
    Source: 7EznMik8Fw.exe, 00000002.00000003.2172017054.00000276FA4A8000.00000004.00000020.00020000.00000000.sdmp, 7EznMik8Fw.exe, 00000002.00000002.3397928807.00000276FA4A8000.00000004.00000020.00020000.00000000.sdmp, 7EznMik8Fw.exe, 00000002.00000002.3397928807.00000276FA220000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc5297
    Source: 7EznMik8Fw.exe, 00000002.00000002.3397928807.00000276FA220000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc7231#section-4.3.6)
    Source: 7EznMik8Fw.exe, 00000002.00000003.2172773300.00000276FAEFB000.00000004.00000020.00020000.00000000.sdmp, 7EznMik8Fw.exe, 00000002.00000002.3399224716.00000276FAEFB000.00000004.00000020.00020000.00000000.sdmp, 7EznMik8Fw.exe, 00000002.00000002.3397240579.00000276F9990000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://twitter.com/
    Source: 7EznMik8Fw.exe, 00000002.00000002.3398543024.00000276FA620000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://upload.pypi.org/legacy/
    Source: 7EznMik8Fw.exe, 00000002.00000002.3400092589.00000276FB7C0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#https-proxy-error-http-proxy
    Source: 7EznMik8Fw.exe, 00000002.00000002.3400092589.00000276FB7C0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#https-proxy-error-http-proxyP
    Source: 7EznMik8Fw.exe, 00000002.00000002.3400092589.00000276FB7C0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#tls-warnings
    Source: 7EznMik8Fw.exe, 00000002.00000002.3397928807.00000276FA220000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www-cs-faculty.stanford.edu/~knuth/fasc2a.ps.gz
    Source: LICENSE.APACHE.0.drString found in binary or memory: https://www.apache.org/licenses/
    Source: LICENSE.APACHE.0.drString found in binary or memory: https://www.apache.org/licenses/LICENSE-2.0
    Source: 7EznMik8Fw.exe, 00000002.00000003.2172357597.00000276FA330000.00000004.00000020.00020000.00000000.sdmp, 7EznMik8Fw.exe, 00000002.00000002.3397928807.00000276FA330000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ietf.org/rfc/rfc2898.txt
    Source: 7EznMik8Fw.exe, 00000002.00000002.3402551633.00007FFD9399F000.00000002.00000001.01000000.00000012.sdmp, 7EznMik8Fw.exe, 00000002.00000002.3403354235.00007FFD93E9A000.00000002.00000001.01000000.00000013.sdmpString found in binary or memory: https://www.openssl.org/H
    Source: 7EznMik8Fw.exe, 00000002.00000003.2172017054.00000276FA4DB000.00000004.00000020.00020000.00000000.sdmp, 7EznMik8Fw.exe, 00000002.00000002.3397928807.00000276FA4DB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.python.org
    Source: 7EznMik8Fw.exe, 00000002.00000002.3399385291.00000276FAFBB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.python.org/
    Source: 7EznMik8Fw.exe, 00000002.00000002.3397104151.00000276F9880000.00000004.00001000.00020000.00000000.sdmp, 7EznMik8Fw.exe, 00000002.00000003.2160714646.00000276F9A14000.00000004.00000020.00020000.00000000.sdmp, base_library.zip.0.drString found in binary or memory: https://www.python.org/download/releases/2.3/mro/.
    Source: 7EznMik8Fw.exe, 00000002.00000002.3404019248.00007FFD9442C000.00000008.00000001.01000000.00000005.sdmpString found in binary or memory: https://www.python.org/psf/license/
    Source: 7EznMik8Fw.exe, 00000002.00000002.3403635102.00007FFD942B4000.00000002.00000001.01000000.00000005.sdmpString found in binary or memory: https://www.python.org/psf/license/)
    Source: 7EznMik8Fw.exe, 00000002.00000002.3399385291.00000276FB13C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://wwww.certigna.fr/autorites/
    Source: 7EznMik8Fw.exe, 00000002.00000002.3398450388.00000276FA60D000.00000004.00000020.00020000.00000000.sdmp, 7EznMik8Fw.exe, 00000002.00000002.3397928807.00000276FA330000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://wwww.certigna.fr/autorites/0m
    Source: 7EznMik8Fw.exe, 00000002.00000003.2172357597.00000276FA42C000.00000004.00000020.00020000.00000000.sdmp, 7EznMik8Fw.exe, 00000002.00000002.3397928807.00000276FA42C000.00000004.00000020.00020000.00000000.sdmp, 7EznMik8Fw.exe, 00000002.00000003.2172017054.00000276FA4DB000.00000004.00000020.00020000.00000000.sdmp, 7EznMik8Fw.exe, 00000002.00000002.3397928807.00000276FA4DB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yahoo.com/
    Source: unknown; Network traffic detected: HTTP traffic on port 49710 -> 443
    Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49710
    Source: C:\Users\user\Desktop\7EznMik8Fw.exeCode function: String function: 00007FF682E82B30 appears 47 times
    Source: C:\Users\user\Desktop\7EznMik8Fw.exeCode function: String function: 00007FFD9395C181 appears 786 times
    Source: C:\Users\user\Desktop\7EznMik8Fw.exeCode function: String function: 00007FFD936594B0 appears 134 times
    Source: C:\Users\user\Desktop\7EznMik8Fw.exeCode function: String function: 00007FFD9395C16F appears 233 times
    Source: C:\Users\user\Desktop\7EznMik8Fw.exeCode function: String function: 00007FFD9395C265 appears 37 times
    Source: C:\Users\user\Desktop\7EznMik8Fw.exeCode function: String function: 00007FFD93680F90 appears 34 times
    Source: C:\Users\user\Desktop\7EznMik8Fw.exeCode function: String function: 00007FFD93631070 appears 43 times
    Source: C:\Users\user\Desktop\7EznMik8Fw.exeCode function: String function: 00007FFD93631D70 appears 39 times
    Source: C:\Users\user\Desktop\7EznMik8Fw.exeCode function: String function: 00007FFD9365A550 appears 171 times
    Source: C:\Users\user\Desktop\7EznMik8Fw.exeCode function: String function: 00007FFD938E1325 appears 337 times
    Source: unicodedata.pyd.0.drStatic PE information: Resource name: RT_VERSION type: COM executable for DOS
    Source: _overlapped.pyd.0.drStatic PE information: Resource name: RT_VERSION type: COM executable for DOS
    Source: api-ms-win-core-processenvironment-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
    Source: api-ms-win-core-interlocked-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
    Source: api-ms-win-core-util-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
    Source: api-ms-win-core-console-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
    Source: api-ms-win-crt-process-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
    Source: api-ms-win-core-synch-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
    Source: api-ms-win-core-timezone-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
    Source: api-ms-win-core-file-l2-1-0.dll.0.drStatic PE information: No import functions for PE file found
    Source: api-ms-win-core-debug-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
    Source: api-ms-win-core-string-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
    Source: api-ms-win-core-profile-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
    Source: api-ms-win-core-localization-l1-2-0.dll.0.drStatic PE information: No import functions for PE file found
    Source: api-ms-win-core-datetime-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
    Source: api-ms-win-crt-math-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
    Source: api-ms-win-crt-time-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
    Source: api-ms-win-crt-locale-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
    Source: api-ms-win-core-namedpipe-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
    Source: api-ms-win-core-file-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
    Source: api-ms-win-core-file-l1-2-0.dll.0.drStatic PE information: No import functions for PE file found
    Source: api-ms-win-core-sysinfo-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
    Source: api-ms-win-core-libraryloader-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
    Source: python3.dll.0.drStatic PE information: No import functions for PE file found
    Source: api-ms-win-core-heap-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
    Source: api-ms-win-crt-environment-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
    Source: api-ms-win-crt-stdio-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
    Source: api-ms-win-core-processthreads-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
    Source: api-ms-win-core-errorhandling-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
    Source: api-ms-win-core-handle-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
    Source: api-ms-win-core-synch-l1-2-0.dll.0.drStatic PE information: No import functions for PE file found
    Source: api-ms-win-core-processthreads-l1-1-1.dll.0.drStatic PE information: No import functions for PE file found
    Source: api-ms-win-crt-utility-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
    Source: api-ms-win-crt-filesystem-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
    Source: api-ms-win-core-rtlsupport-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
    Source: api-ms-win-crt-conio-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
    Source: api-ms-win-crt-heap-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
    Source: api-ms-win-crt-convert-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
    Source: api-ms-win-crt-runtime-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
    Source: api-ms-win-crt-string-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
    Source: api-ms-win-core-memory-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
    Source: 7EznMik8Fw.exe, 00000000.00000003.2135413913.00000231371E7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_decimal.pyd. vs 7EznMik8Fw.exe
    Source: 7EznMik8Fw.exe, 00000000.00000003.2137037925.00000231371EE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs 7EznMik8Fw.exe
    Source: 7EznMik8Fw.exe, 00000000.00000003.2137179563.00000231371E7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs 7EznMik8Fw.exe
    Source: 7EznMik8Fw.exe, 00000000.00000003.2134732279.00000231371E7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_bz2.pyd. vs 7EznMik8Fw.exe
    Source: 7EznMik8Fw.exe, 00000000.00000002.3396823044.00000231371F4000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamewin32crypt.pyd0 vs 7EznMik8Fw.exe
    Source: 7EznMik8Fw.exe, 00000000.00000003.2134345969.00000231371E7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamevcruntime140.dllT vs 7EznMik8Fw.exe
    Source: 7EznMik8Fw.exe, 00000000.00000003.2135587857.00000231371E7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_hashlib.pyd. vs 7EznMik8Fw.exe
    Source: 7EznMik8Fw.exe, 00000000.00000003.2134498631.00000231371E7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamevcruntime140_1.dllT vs 7EznMik8Fw.exe
    Source: 7EznMik8Fw.exe, 00000000.00000003.2137279314.00000231371E7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs 7EznMik8Fw.exe
    Source: 7EznMik8Fw.exe, 00000000.00000003.2134600948.00000231371E7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_asyncio.pyd. vs 7EznMik8Fw.exe
    Source: 7EznMik8Fw.exe, 00000000.00000003.2136972048.00000231371E7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs 7EznMik8Fw.exe
    Source: 7EznMik8Fw.exe, 00000000.00000003.2136577351.00000231371E7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_wmi.pyd. vs 7EznMik8Fw.exe
    Source: 7EznMik8Fw.exe, 00000000.00000003.2135930497.00000231371E7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_overlapped.pyd. vs 7EznMik8Fw.exe
    Source: 7EznMik8Fw.exe, 00000000.00000003.2137382808.00000231371E7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs 7EznMik8Fw.exe
    Source: 7EznMik8Fw.exe, 00000000.00000003.2135243184.00000231371E7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_ctypes.pyd. vs 7EznMik8Fw.exe
    Source: 7EznMik8Fw.exe, 00000000.00000003.2137459294.00000231371EE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs 7EznMik8Fw.exe
    Source: 7EznMik8Fw.exe, 00000000.00000003.2136028430.00000231371E7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_queue.pyd. vs 7EznMik8Fw.exe
    Source: 7EznMik8Fw.exe, 00000000.00000003.2136885594.00000231371E7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs 7EznMik8Fw.exe
    Source: 7EznMik8Fw.exe, 00000000.00000003.2136414995.00000231371E7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_ssl.pyd. vs 7EznMik8Fw.exe
    Source: 7EznMik8Fw.exe, 00000000.00000003.2136247673.00000231371E7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_sqlite3.pyd. vs 7EznMik8Fw.exe
    Source: 7EznMik8Fw.exe, 00000000.00000003.2135711838.00000231371E7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_lzma.pyd. vs 7EznMik8Fw.exe
    Source: 7EznMik8Fw.exe, 00000000.00000003.2136114206.00000231371E7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_socket.pyd. vs 7EznMik8Fw.exe
    Source: 7EznMik8Fw.exe, 00000000.00000003.2135841119.00000231371E7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_multiprocessing.pyd. vs 7EznMik8Fw.exe
    Source: 7EznMik8Fw.exe, 00000000.00000003.2136788028.00000231371E7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs 7EznMik8Fw.exe
    Source: 7EznMik8Fw.exe, 00000000.00000003.2136654969.00000231371EE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs 7EznMik8Fw.exe
    Source: 7EznMik8Fw.exeBinary or memory string: OriginalFilename vs 7EznMik8Fw.exe
    Source: 7EznMik8Fw.exe, 00000002.00000002.3407494927.00007FFDA33D5000.00000002.00000001.01000000.0000000B.sdmpBinary or memory string: OriginalFilename_lzma.pyd. vs 7EznMik8Fw.exe
    Source: 7EznMik8Fw.exe, 00000002.00000002.3406508488.00007FFDA2EAB000.00000002.00000001.01000000.0000001B.sdmpBinary or memory string: OriginalFilename_sqlite3.pyd. vs 7EznMik8Fw.exe
    Source: 7EznMik8Fw.exe, 00000002.00000002.3408026488.00007FFDA3FD9000.00000002.00000001.01000000.0000001F.sdmpBinary or memory string: OriginalFilenamevcruntime140_1.dllT vs 7EznMik8Fw.exe
    Source: 7EznMik8Fw.exe, 00000002.00000002.3402551633.00007FFD9399F000.00000002.00000001.01000000.00000012.sdmpBinary or memory string: OriginalFilenamelibsslH vs 7EznMik8Fw.exe
    Source: 7EznMik8Fw.exe, 00000002.00000002.3402374532.00007FFD938D4000.00000002.00000001.01000000.0000001A.sdmpBinary or memory string: OriginalFilenameunicodedata.pyd. vs 7EznMik8Fw.exe
    Source: 7EznMik8Fw.exe, 00000002.00000002.3408418883.00007FFDA434E000.00000002.00000001.01000000.00000008.sdmpBinary or memory string: OriginalFilename_ctypes.pyd. vs 7EznMik8Fw.exe
    Source: 7EznMik8Fw.exe, 00000002.00000002.3408638426.00007FFDA46DB000.00000002.00000001.01000000.00000015.sdmpBinary or memory string: OriginalFilename_overlapped.pyd. vs 7EznMik8Fw.exe
    Source: 7EznMik8Fw.exe, 00000002.00000002.3408847243.00007FFDA5496000.00000002.00000001.01000000.0000000E.sdmpBinary or memory string: OriginalFilenameselect.pyd. vs 7EznMik8Fw.exe
    Source: 7EznMik8Fw.exe, 00000002.00000002.3408128928.00007FFDA4172000.00000002.00000001.01000000.0000000A.sdmpBinary or memory string: OriginalFilename_bz2.pyd. vs 7EznMik8Fw.exe
    Source: 7EznMik8Fw.exe, 00000002.00000002.3407643722.00007FFDA34D2000.00000002.00000001.01000000.00000004.sdmpBinary or memory string: OriginalFilenameucrtbase.dllj% vs 7EznMik8Fw.exe
    Source: 7EznMik8Fw.exe, 00000002.00000002.3407376604.00007FFDA3379000.00000002.00000001.01000000.00000011.sdmpBinary or memory string: OriginalFilename_ssl.pyd. vs 7EznMik8Fw.exe
    Source: 7EznMik8Fw.exe, 00000002.00000002.3408746233.00007FFDA4DA6000.00000002.00000001.01000000.0000000F.sdmpBinary or memory string: OriginalFilename_queue.pyd. vs 7EznMik8Fw.exe
    Source: 7EznMik8Fw.exe, 00000002.00000002.3403354235.00007FFD93E9A000.00000002.00000001.01000000.00000013.sdmpBinary or memory string: OriginalFilenamelibcryptoH vs 7EznMik8Fw.exe
    Source: 7EznMik8Fw.exe, 00000002.00000002.3409044324.00007FFDA54F9000.00000002.00000001.01000000.00000006.sdmpBinary or memory string: OriginalFilenamevcruntime140.dllT vs 7EznMik8Fw.exe
    Source: 7EznMik8Fw.exe, 00000002.00000002.3407033350.00007FFDA333D000.00000002.00000001.01000000.00000016.sdmpBinary or memory string: OriginalFilenamepyexpat.pyd. vs 7EznMik8Fw.exe
    Source: 7EznMik8Fw.exe, 00000002.00000002.3408940690.00007FFDA54B7000.00000002.00000001.01000000.0000000C.sdmpBinary or memory string: OriginalFilename_wmi.pyd. vs 7EznMik8Fw.exe
    Source: 7EznMik8Fw.exe, 00000002.00000002.3406623848.00007FFDA32FE000.00000002.00000001.01000000.00000017.sdmpBinary or memory string: OriginalFilename_hashlib.pyd. vs 7EznMik8Fw.exe
    Source: 7EznMik8Fw.exe, 00000002.00000002.3407854960.00007FFDA3AF3000.00000002.00000001.01000000.0000000D.sdmpBinary or memory string: OriginalFilename_socket.pyd. vs 7EznMik8Fw.exe
    Source: 7EznMik8Fw.exe, 00000002.00000002.3397430893.00000276F9CD0000.00000002.00000001.01000000.00000007.sdmpBinary or memory string: OriginalFilenamepython3.dll. vs 7EznMik8Fw.exe
    Source: 7EznMik8Fw.exe, 00000002.00000002.3405282264.00007FFD9DB71000.00000002.00000001.01000000.0000001E.sdmpBinary or memory string: OriginalFilenamepywintypes312.dll0 vs 7EznMik8Fw.exe
    Source: 7EznMik8Fw.exe, 00000002.00000002.3402061018.00007FFD937AF000.00000002.00000001.01000000.0000001C.sdmpBinary or memory string: OriginalFilenamesqlite3.dll0 vs 7EznMik8Fw.exe
    Source: 7EznMik8Fw.exe, 00000002.00000002.3404368204.00007FFD94555000.00000002.00000001.01000000.00000005.sdmpBinary or memory string: OriginalFilenamepython312.dll. vs 7EznMik8Fw.exe
    Source: 7EznMik8Fw.exe, 00000002.00000002.3405492476.00007FFD9DEDE000.00000002.00000001.01000000.0000001D.sdmpBinary or memory string: OriginalFilenamewin32crypt.pyd0 vs 7EznMik8Fw.exe
    Source: 7EznMik8Fw.exe, 00000002.00000002.3407748486.00007FFDA3A8F000.00000002.00000001.01000000.00000014.sdmpBinary or memory string: OriginalFilename_asyncio.pyd. vs 7EznMik8Fw.exe
    Source: classification engineClassification label: mal72.troj.evad.winEXE@3/122@1/1
    Source: C:\Users\user\Desktop\7EznMik8Fw.exeCode function: 0_2_00007FF682E88560 GetLastError,FormatMessageW,WideCharToMultiByte,0_2_00007FF682E88560
    Source: C:\Users\user\Desktop\7EznMik8Fw.exeCode function: 2_2_00007FFD93637DB0 GetCurrentProcess,OpenProcessToken,GetLastError,ImpersonateSelf,OpenProcessToken,GetLastError,PyErr_SetFromWindowsErrWithFilename,LookupPrivilegeValueA,GetLastError,PyErr_SetFromWindowsErrWithFilename,AdjustTokenPrivileges,GetLastError,PyErr_SetFromWindowsErrWithFilename,AdjustTokenPrivileges,RevertToSelf,CloseHandle,2_2_00007FFD93637DB0
    Source: C:\Users\user\Desktop\7EznMik8Fw.exeCode function: 2_2_00007FFD93632A30 PyArg_ParseTuple,PyUnicode_AsWideCharString,PyEval_SaveThread,GetDiskFreeSpaceExW,PyEval_RestoreThread,PyMem_Free,PyExc_OSError,PyErr_SetExcFromWindowsErrWithFilenameObject,Py_BuildValue,2_2_00007FFD93632A30
    Source: C:\Users\user\Desktop\7EznMik8Fw.exeCode function: 2_2_00007FFD9363601F PyDict_New,memset,CreateToolhelp32Snapshot,PyErr_SetFromWindowsErr,_Py_Dealloc,Process32First,PyLong_FromLong,PyLong_FromLong,PyDict_SetItem,_Py_Dealloc,_Py_Dealloc,Process32Next,CloseHandle,_Py_Dealloc,_Py_Dealloc,_Py_Dealloc,CloseHandle,2_2_00007FFD9363601F
    Source: C:\Users\user\Desktop\7EznMik8Fw.exeCode function: 2_2_00007FFD93638AA0 PyArg_ParseTuple,StartServiceA,CloseServiceHandle,CloseServiceHandle,_Py_NoneStruct,_Py_NoneStruct,2_2_00007FFD93638AA0
    Source: C:\Users\user\Desktop\7EznMik8Fw.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI43442Jump to behavior
    Source: 7EznMik8Fw.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
    Source: C:\Users\user\Desktop\7EznMik8Fw.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Architecture FROM Win32_Processor
    Source: C:\Users\user\Desktop\7EznMik8Fw.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
    Source: 7EznMik8Fw.exe, 00000002.00000002.3402002576.00007FFD9377C000.00000002.00000001.01000000.0000001C.sdmpBinary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
    Source: 7EznMik8Fw.exe, 00000002.00000002.3402002576.00007FFD9377C000.00000002.00000001.01000000.0000001C.sdmpBinary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
    Source: 7EznMik8Fw.exe, 00000002.00000002.3402002576.00007FFD9377C000.00000002.00000001.01000000.0000001C.sdmpBinary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
    Source: 7EznMik8Fw.exe, 00000002.00000002.3402002576.00007FFD9377C000.00000002.00000001.01000000.0000001C.sdmpBinary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
    Source: 7EznMik8Fw.exe, 7EznMik8Fw.exe, 00000002.00000002.3402002576.00007FFD9377C000.00000002.00000001.01000000.0000001C.sdmpBinary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
    Source: 7EznMik8Fw.exe, 00000002.00000002.3402002576.00007FFD9377C000.00000002.00000001.01000000.0000001C.sdmpBinary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
    Source: 7EznMik8Fw.exe, 00000002.00000002.3402002576.00007FFD9377C000.00000002.00000001.01000000.0000001C.sdmpBinary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
    Source: 7EznMik8Fw.exeReversingLabs: Detection: 28%
    Source: C:\Users\user\Desktop\7EznMik8Fw.exeFile read: C:\Users\user\Desktop\7EznMik8Fw.exeJump to behavior
    Source: unknownProcess created: C:\Users\user\Desktop\7EznMik8Fw.exe "C:\Users\user\Desktop\7EznMik8Fw.exe"
    Source: C:\Users\user\Desktop\7EznMik8Fw.exeProcess created: C:\Users\user\Desktop\7EznMik8Fw.exe "C:\Users\user\Desktop\7EznMik8Fw.exe"
    Source: C:\Users\user\Desktop\7EznMik8Fw.exeProcess created: C:\Users\user\Desktop\7EznMik8Fw.exe "C:\Users\user\Desktop\7EznMik8Fw.exe"Jump to behavior
    Source: C:\Users\user\Desktop\7EznMik8Fw.exeSection loaded: version.dllJump to behavior
    Source: C:\Users\user\Desktop\7EznMik8Fw.exeSection loaded: vcruntime140.dllJump to behavior
    Source: C:\Users\user\Desktop\7EznMik8Fw.exeSection loaded: libffi-8.dllJump to behavior
    Source: C:\Users\user\Desktop\7EznMik8Fw.exeSection loaded: propsys.dllJump to behavior
    Source: C:\Users\user\Desktop\7EznMik8Fw.exeSection loaded: iphlpapi.dllJump to behavior
    Source: C:\Users\user\Desktop\7EznMik8Fw.exeSection loaded: kernel.appcore.dllJump to behavior
    Source: C:\Users\user\Desktop\7EznMik8Fw.exeSection loaded: uxtheme.dllJump to behavior
    Source: C:\Users\user\Desktop\7EznMik8Fw.exeSection loaded: wbemcomn.dllJump to behavior
    Source: C:\Users\user\Desktop\7EznMik8Fw.exeSection loaded: amsi.dllJump to behavior
    Source: C:\Users\user\Desktop\7EznMik8Fw.exeSection loaded: userenv.dllJump to behavior
    Source: C:\Users\user\Desktop\7EznMik8Fw.exeSection loaded: profapi.dllJump to behavior
    Source: C:\Users\user\Desktop\7EznMik8Fw.exeSection loaded: libcrypto-3.dllJump to behavior
    Source: C:\Users\user\Desktop\7EznMik8Fw.exeSection loaded: libssl-3.dllJump to behavior
    Source: C:\Users\user\Desktop\7EznMik8Fw.exeSection loaded: mswsock.dllJump to behavior
    Source: C:\Users\user\Desktop\7EznMik8Fw.exeSection loaded: sqlite3.dllJump to behavior
    Source: C:\Users\user\Desktop\7EznMik8Fw.exeSection loaded: pywintypes312.dllJump to behavior
    Source: C:\Users\user\Desktop\7EznMik8Fw.exeSection loaded: vcruntime140_1.dllJump to behavior
    Source: C:\Users\user\Desktop\7EznMik8Fw.exeSection loaded: cryptbase.dllJump to behavior
    Source: C:\Users\user\Desktop\7EznMik8Fw.exeSection loaded: powrprof.dllJump to behavior
    Source: C:\Users\user\Desktop\7EznMik8Fw.exeSection loaded: pdh.dllJump to behavior
    Source: C:\Users\user\Desktop\7EznMik8Fw.exeSection loaded: umpdc.dllJump to behavior
    Source: C:\Users\user\Desktop\7EznMik8Fw.exeSection loaded: wtsapi32.dllJump to behavior
    Source: C:\Users\user\Desktop\7EznMik8Fw.exeSection loaded: dnsapi.dllJump to behavior
    Source: C:\Users\user\Desktop\7EznMik8Fw.exeSection loaded: rasadhlp.dllJump to behavior
    Source: C:\Users\user\Desktop\7EznMik8Fw.exeSection loaded: fwpuclnt.dllJump to behavior
    Source: C:\Users\user\Desktop\7EznMik8Fw.exeSection loaded: textshaping.dllJump to behavior
    Source: C:\Users\user\Desktop\7EznMik8Fw.exeSection loaded: textinputframework.dllJump to behavior
    Source: C:\Users\user\Desktop\7EznMik8Fw.exeSection loaded: coreuicomponents.dllJump to behavior
    Source: C:\Users\user\Desktop\7EznMik8Fw.exeSection loaded: coremessaging.dllJump to behavior
    Source: C:\Users\user\Desktop\7EznMik8Fw.exeSection loaded: ntmarta.dllJump to behavior
    Source: C:\Users\user\Desktop\7EznMik8Fw.exeSection loaded: wintypes.dllJump to behavior
    Source: C:\Users\user\Desktop\7EznMik8Fw.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InprocServer32Jump to behavior
    Source: 7EznMik8Fw.exeStatic PE information: Image base 0x140000000 > 0x60000000
    Source: 7EznMik8Fw.exeStatic file information: File size 17524998 > 1048576
    Source: 7EznMik8Fw.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
    Source: 7EznMik8Fw.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
    Source: 7EznMik8Fw.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
    Source: 7EznMik8Fw.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
    Source: 7EznMik8Fw.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
    Source: 7EznMik8Fw.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
    Source: 7EznMik8Fw.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
    Source: Binary string: api-ms-win-crt-locale-l1-1-0.pdb source: api-ms-win-crt-locale-l1-1-0.dll.0.dr
    Source: Binary string: api-ms-win-crt-runtime-l1-1-0.pdb source: api-ms-win-crt-runtime-l1-1-0.dll.0.dr
    Source: Binary string: api-ms-win-core-file-l1-2-0.pdb source: 7EznMik8Fw.exe, 00000000.00000003.2137179563.00000231371E7000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-file-l1-2-0.dll.0.dr
    Source: Binary string: ucrtbase.pdb source: 7EznMik8Fw.exe, 00000002.00000002.3407592347.00007FFDA3495000.00000002.00000001.01000000.00000004.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\_decimal.pdb source: _decimal.pyd.0.dr
    Source: Binary string: api-ms-win-core-debug-l1-1-0.pdb source: 7EznMik8Fw.exe, 00000000.00000003.2136885594.00000231371E7000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: api-ms-win-core-sysinfo-l1-1-0.pdb source: api-ms-win-core-sysinfo-l1-1-0.dll.0.dr
    Source: Binary string: api-ms-win-crt-filesystem-l1-1-0.pdb source: api-ms-win-crt-filesystem-l1-1-0.dll.0.dr
    Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC source: 7EznMik8Fw.exe, 00000002.00000002.3401529100.00007FFD93003000.00000002.00000001.01000000.00000020.sdmp
    Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG" source: 7EznMik8Fw.exe, 00000002.00000002.3403076331.00007FFD93D59000.00000002.00000001.01000000.00000013.sdmp
    Source: Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-312\Release\win32api.pdb source: win32api.pyd.0.dr
    Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdbGCTL source: 7EznMik8Fw.exe, 00000000.00000003.2134345969.00000231371E7000.00000004.00000020.00020000.00000000.sdmp, 7EznMik8Fw.exe, 00000002.00000002.3409004585.00007FFDA54F3000.00000002.00000001.01000000.00000006.sdmp, VCRUNTIME140.dll.0.dr
    Source: Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-312\Release\pywintypes.pdb** source: 7EznMik8Fw.exe, 00000002.00000002.3405240890.00007FFD9DB60000.00000002.00000001.01000000.0000001E.sdmp, pywintypes312.dll.0.dr
    Source: Binary string: D:\a\1\b\bin\amd64\_multiprocessing.pdb source: 7EznMik8Fw.exe, 00000000.00000003.2135841119.00000231371E7000.00000004.00000020.00020000.00000000.sdmp, _multiprocessing.pyd.0.dr
    Source: Binary string: api-ms-win-core-heap-l1-1-0.pdb source: 7EznMik8Fw.exe, 00000000.00000003.2137495911.00000231371E7000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-heap-l1-1-0.dll.0.dr
    Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb source: 7EznMik8Fw.exe, 00000000.00000003.2134498631.00000231371E7000.00000004.00000020.00020000.00000000.sdmp, 7EznMik8Fw.exe, 00000002.00000002.3407986191.00007FFDA3FD5000.00000002.00000001.01000000.0000001F.sdmp
    Source: Binary string: api-ms-win-core-util-l1-1-0.pdb source: api-ms-win-core-util-l1-1-0.dll.0.dr
    Source: Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-312\Release\pywintypes.pdb source: 7EznMik8Fw.exe, 00000002.00000002.3405240890.00007FFD9DB60000.00000002.00000001.01000000.0000001E.sdmp, pywintypes312.dll.0.dr
    Source: Binary string: D:\a\1\b\bin\amd64\_ctypes.pdb source: 7EznMik8Fw.exe, 00000002.00000002.3408370227.00007FFDA4341000.00000002.00000001.01000000.00000008.sdmp, _ctypes.pyd.0.dr
    Source: Binary string: D:\a\1\b\bin\amd64\_hashlib.pdb source: 7EznMik8Fw.exe, 00000000.00000003.2135587857.00000231371E7000.00000004.00000020.00020000.00000000.sdmp, 7EznMik8Fw.exe, 00000002.00000002.3406579379.00007FFDA32F7000.00000002.00000001.01000000.00000017.sdmp, _hashlib.pyd.0.dr
    Source: Binary string: api-ms-win-core-errorhandling-l1-1-0.pdb source: 7EznMik8Fw.exe, 00000000.00000003.2136972048.00000231371E7000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\_decimal.pdb$$ source: _decimal.pyd.0.dr
    Source: Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-312\Release\win32crypt.pdb source: 7EznMik8Fw.exe, 00000002.00000002.3405441960.00007FFD9DED1000.00000002.00000001.01000000.0000001D.sdmp
    Source: Binary string: api-ms-win-core-console-l1-1-0.pdb source: 7EznMik8Fw.exe, 00000000.00000003.2136688085.00000231371E7000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\_asyncio.pdb source: 7EznMik8Fw.exe, 00000000.00000003.2134600948.00000231371E7000.00000004.00000020.00020000.00000000.sdmp, 7EznMik8Fw.exe, 00000002.00000002.3407707848.00007FFDA3A88000.00000002.00000001.01000000.00000014.sdmp
    Source: Binary string: api-ms-win-core-file-l1-1-0.pdb source: 7EznMik8Fw.exe, 00000000.00000003.2137037925.00000231371EE000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\pyexpat.pdb source: 7EznMik8Fw.exe, 00000002.00000002.3406691510.00007FFDA3332000.00000002.00000001.01000000.00000016.sdmp, pyexpat.pyd.0.dr
    Source: Binary string: api-ms-win-crt-convert-l1-1-0.pdb source: api-ms-win-crt-convert-l1-1-0.dll.0.dr
    Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdb source: 7EznMik8Fw.exe, 00000000.00000003.2135711838.00000231371E7000.00000004.00000020.00020000.00000000.sdmp, 7EznMik8Fw.exe, 00000002.00000002.3407437647.00007FFDA33CC000.00000002.00000001.01000000.0000000B.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\_bz2.pdb source: 7EznMik8Fw.exe, 00000000.00000003.2134732279.00000231371E7000.00000004.00000020.00020000.00000000.sdmp, 7EznMik8Fw.exe, 00000002.00000002.3408082976.00007FFDA416D000.00000002.00000001.01000000.0000000A.sdmp
    Source: Binary string: ucrtbase.pdbUGP source: 7EznMik8Fw.exe, 00000002.00000002.3407592347.00007FFDA3495000.00000002.00000001.01000000.00000004.sdmp
    Source: Binary string: api-ms-win-core-profile-l1-1-0.pdb source: api-ms-win-core-profile-l1-1-0.dll.0.dr
    Source: Binary string: D:\a\1\b\bin\amd64\_socket.pdb source: 7EznMik8Fw.exe, 00000000.00000003.2136114206.00000231371E7000.00000004.00000020.00020000.00000000.sdmp, 7EznMik8Fw.exe, 00000002.00000002.3407816302.00007FFDA3AE9000.00000002.00000001.01000000.0000000D.sdmp, _socket.pyd.0.dr
    Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdbGCTL source: 7EznMik8Fw.exe, 00000000.00000003.2134498631.00000231371E7000.00000004.00000020.00020000.00000000.sdmp, 7EznMik8Fw.exe, 00000002.00000002.3407986191.00007FFDA3FD5000.00000002.00000001.01000000.0000001F.sdmp
    Source: Binary string: X509_SIGPKCS8_encrypt_excrypto\pkcs12\p12_p8e.cPKCS8_set0_pbe_excompiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC;CPUINFO: OPENSSL_ia32cap=0x%llx:0x%llxOPENSSL_ia32cap env:%sos-specific.dllCPUINFO: crypto\initthread.cOPENSSL_ia32cap source: 7EznMik8Fw.exe, 00000002.00000002.3401529100.00007FFD93003000.00000002.00000001.01000000.00000020.sdmp
    Source: Binary string: api-ms-win-crt-time-l1-1-0.pdb source: api-ms-win-crt-time-l1-1-0.dll.0.dr
    Source: Binary string: D:\a\1\b\bin\amd64\python312.pdb source: 7EznMik8Fw.exe, 00000002.00000002.3403635102.00007FFD942B4000.00000002.00000001.01000000.00000005.sdmp
    Source: Binary string: api-ms-win-core-handle-l1-1-0.pdb source: 7EznMik8Fw.exe, 00000000.00000003.2137382808.00000231371E7000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\unicodedata.pdb source: 7EznMik8Fw.exe, 00000002.00000002.3402126884.00007FFD938CF000.00000002.00000001.01000000.0000001A.sdmp
    Source: Binary string: D:\a\1\b\libcrypto-3.pdb| source: 7EznMik8Fw.exe, 00000002.00000002.3403076331.00007FFD93DF1000.00000002.00000001.01000000.00000013.sdmp
    Source: Binary string: D:\a\1\b\libssl-3.pdbDD source: 7EznMik8Fw.exe, 00000002.00000002.3402499141.00007FFD93964000.00000002.00000001.01000000.00000012.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\_overlapped.pdb source: 7EznMik8Fw.exe, 00000000.00000003.2135930497.00000231371E7000.00000004.00000020.00020000.00000000.sdmp, 7EznMik8Fw.exe, 00000002.00000002.3408592458.00007FFDA46D6000.00000002.00000001.01000000.00000015.sdmp
    Source: Binary string: api-ms-win-core-datetime-l1-1-0.pdb source: 7EznMik8Fw.exe, 00000000.00000003.2136788028.00000231371E7000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-datetime-l1-1-0.dll.0.dr
    Source: Binary string: api-ms-win-crt-conio-l1-1-0.pdb source: api-ms-win-crt-conio-l1-1-0.dll.0.dr
    Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: 7EznMik8Fw.exe, 00000000.00000003.2134345969.00000231371E7000.00000004.00000020.00020000.00000000.sdmp, 7EznMik8Fw.exe, 00000002.00000002.3409004585.00007FFDA54F3000.00000002.00000001.01000000.00000006.sdmp, VCRUNTIME140.dll.0.dr
    Source: Binary string: D:\a\1\b\bin\amd64\sqlite3.pdb source: 7EznMik8Fw.exe, 00000002.00000002.3402002576.00007FFD9377C000.00000002.00000001.01000000.0000001C.sdmp
    Source: Binary string: D:\a\1\b\libcrypto-3.pdb source: 7EznMik8Fw.exe, 00000002.00000002.3403076331.00007FFD93DF1000.00000002.00000001.01000000.00000013.sdmp
    Source: Binary string: api-ms-win-core-localization-l1-2-0.pdb source: api-ms-win-core-localization-l1-2-0.dll.0.dr
    Source: Binary string: api-ms-win-crt-math-l1-1-0.pdb source: api-ms-win-crt-math-l1-1-0.dll.0.dr
    Source: Binary string: api-ms-win-core-processthreads-l1-1-1.pdb source: api-ms-win-core-processthreads-l1-1-1.dll.0.dr
    Source: Binary string: D:\a\1\b\bin\amd64\select.pdb source: 7EznMik8Fw.exe, 00000002.00000002.3408809556.00007FFDA5493000.00000002.00000001.01000000.0000000E.sdmp, select.pyd.0.dr
    Source: Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-312\Release\win32api.pdb!! source: win32api.pyd.0.dr
    Source: Binary string: api-ms-win-core-rtlsupport-l1-1-0.pdb source: api-ms-win-core-rtlsupport-l1-1-0.dll.0.dr
    Source: Binary string: api-ms-win-core-file-l2-1-0.pdb source: 7EznMik8Fw.exe, 00000000.00000003.2137279314.00000231371E7000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdbNN source: 7EznMik8Fw.exe, 00000000.00000003.2135711838.00000231371E7000.00000004.00000020.00020000.00000000.sdmp, 7EznMik8Fw.exe, 00000002.00000002.3407437647.00007FFDA33CC000.00000002.00000001.01000000.0000000B.sdmp
    Source: Binary string: api-ms-win-crt-process-l1-1-0.pdb source: api-ms-win-crt-process-l1-1-0.dll.0.dr
    Source: Binary string: crypto\stack\stack.cOPENSSL_sk_dupOPENSSL_sk_deep_copysk_reserveOPENSSL_sk_new_reserveOPENSSL_sk_reserveOPENSSL_sk_insertOPENSSL_sk_seti=%dcompiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC3.1.4built on: Fri Nov 24 00:12:45 2023 UTCplatform: VC-WIN64AOPENSSLDIR: "C:\Program Files\Common Files\SSL"userSDIR: "C:\Program Files\OpenSSL\lib\users-3"MODULESDIR: "C:\Program Files\OpenSSL\lib\ossl-modules"CPUINFO: N/Anot availablecrypto\init.cOPENSSL_init_cryptoOPENSSL_atexitcrypto\bio\bio_lib.cBIO_new_exbio_read_internbio_write_internBIO_putsBIO_getsBIO_get_line BIO_ctrlBIO_callback_ctrlBIO_find_type source: 7EznMik8Fw.exe, 00000002.00000002.3401529100.00007FFD93003000.00000002.00000001.01000000.00000020.sdmp
    Source: Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-312\Release\win32crypt.pdb!! source: 7EznMik8Fw.exe, 00000002.00000002.3405441960.00007FFD9DED1000.00000002.00000001.01000000.0000001D.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\_queue.pdb source: 7EznMik8Fw.exe, 00000000.00000003.2136028430.00000231371E7000.00000004.00000020.00020000.00000000.sdmp, 7EznMik8Fw.exe, 00000002.00000002.3408703644.00007FFDA4DA3000.00000002.00000001.01000000.0000000F.sdmp
    Source: Binary string: C:\Users\runneradmin\AppData\Local\Temp\pip-req-build-7t032bmh\src\rust\target\release\deps\cryptography_rust.pdbcQ source: 7EznMik8Fw.exe, 00000002.00000002.3401529100.00007FFD93003000.00000002.00000001.01000000.00000020.sdmp
    Source: Binary string: C:\Users\runneradmin\AppData\Local\Temp\pip-req-build-7t032bmh\src\rust\target\release\deps\cryptography_rust.pdb source: 7EznMik8Fw.exe, 00000002.00000002.3401529100.00007FFD93003000.00000002.00000001.01000000.00000020.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\_wmi.pdb source: 7EznMik8Fw.exe, 00000000.00000003.2136577351.00000231371E7000.00000004.00000020.00020000.00000000.sdmp, 7EznMik8Fw.exe, 00000002.00000002.3408904961.00007FFDA54B4000.00000002.00000001.01000000.0000000C.sdmp, _wmi.pyd.0.dr
    Source: Binary string: api-ms-win-core-interlocked-l1-1-0.pdb source: api-ms-win-core-interlocked-l1-1-0.dll.0.dr
    Source: Binary string: D:\a\1\b\bin\amd64\_wmi.pdb''&GCTL source: 7EznMik8Fw.exe, 00000000.00000003.2136577351.00000231371E7000.00000004.00000020.00020000.00000000.sdmp, 7EznMik8Fw.exe, 00000002.00000002.3408904961.00007FFDA54B4000.00000002.00000001.01000000.0000000C.sdmp, _wmi.pyd.0.dr
    Source: Binary string: D:\a\1\b\bin\amd64\_sqlite3.pdb source: 7EznMik8Fw.exe, 00000002.00000002.3406460673.00007FFDA2E9F000.00000002.00000001.01000000.0000001B.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\python3.pdb source: 7EznMik8Fw.exe, 00000002.00000002.3397430893.00000276F9CD0000.00000002.00000001.01000000.00000007.sdmp
    Source: Binary string: D:\a\1\b\libssl-3.pdb source: 7EznMik8Fw.exe, 00000002.00000002.3402499141.00007FFD93964000.00000002.00000001.01000000.00000012.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\_ssl.pdb source: 7EznMik8Fw.exe, 00000002.00000002.3407293756.00007FFDA335D000.00000002.00000001.01000000.00000011.sdmp, _ssl.pyd.0.dr
    Source: 7EznMik8Fw.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
    Source: 7EznMik8Fw.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
    Source: 7EznMik8Fw.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
    Source: 7EznMik8Fw.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
    Source: 7EznMik8Fw.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
    Source: api-ms-win-crt-process-l1-1-0.dll.0.drStatic PE information: 0xA8F275DA [Mon Oct 27 06:36:10 2059 UTC]
    Source: 7EznMik8Fw.exeStatic PE information: section name: _RDATA
    Source: libssl-3.dll.0.drStatic PE information: section name: .00cfg
    Source: python312.dll.0.drStatic PE information: section name: PyRuntim
    Source: VCRUNTIME140.dll.0.drStatic PE information: section name: fothk
    Source: VCRUNTIME140.dll.0.drStatic PE information: section name: _RDATA
    Source: libcrypto-3.dll.0.drStatic PE information: section name: .00cfg
    Source: C:\Users\user\Desktop\7EznMik8Fw.exeCode function: 0_2_00007FF682EC5004 push rsp; retf 0_2_00007FF682EC5005
    Source: C:\Users\user\Desktop\7EznMik8Fw.exeCode function: 2_2_00007FFD9369161E push rdx; iretd 2_2_00007FFD93691621
    Source: C:\Users\user\Desktop\7EznMik8Fw.exeCode function: 2_2_00007FFD93904021 push rcx; ret 2_2_00007FFD93904022

    Persistence and Installation Behavior

    Source: C:\Users\user\Desktop\7EznMik8Fw.exeCode function: PyDict_New,swprintf_s,CreateFileA,DeviceIoControl,GetLastError,DeviceIoControl,swprintf_s,Py_BuildValue,PyDict_SetItemString,_Py_Dealloc,CloseHandle,GetLastError,__acrt_iob_func,fprintf,__acrt_iob_func,fprintf,__acrt_iob_func,fprintf,GetLastError,__acrt_iob_func,fprintf,__acrt_iob_func,PyErr_SetFromWindowsErr,_Py_Dealloc,_Py_Dealloc,CloseHandle, \\.\PhysicalDrive%d2_2_00007FFD93632B00
    Source: C:\Users\user\Desktop\7EznMik8Fw.exeCode function: PyDict_New,swprintf_s,CreateFileA,DeviceIoControl,GetLastError,DeviceIoControl,swprintf_s,Py_BuildValue,PyDict_SetItemString,_Py_Dealloc,CloseHandle,GetLastError,__acrt_iob_func,fprintf,__acrt_iob_func,fprintf,__acrt_iob_func,fprintf,GetLastError,__acrt_iob_func,fprintf,__acrt_iob_func,PyErr_SetFromWindowsErr,_Py_Dealloc,_Py_Dealloc,CloseHandle, PhysicalDrive%i2_2_00007FFD93632B00
    Source: C:\Users\user\Desktop\7EznMik8Fw.exeCode function: PyDict_New,swprintf_s,CreateFileA,DeviceIoControl,GetLastError,DeviceIoControl,swprintf_s,Py_BuildValue,PyDict_SetItemString,_Py_Dealloc,CloseHandle,GetLastError,__acrt_iob_func,fprintf,__acrt_iob_func,fprintf,__acrt_iob_func,fprintf,GetLastError,__acrt_iob_func,fprintf,__acrt_iob_func,PyErr_SetFromWindowsErr,_Py_Dealloc,_Py_Dealloc,CloseHandle, DeviceIoControl -> ERROR_INVALID_FUNCTION; ignore PhysicalDrive%i2_2_00007FFD93632B00
    Source: C:\Users\user\Desktop\7EznMik8Fw.exeCode function: PyDict_New,swprintf_s,CreateFileA,DeviceIoControl,GetLastError,DeviceIoControl,swprintf_s,Py_BuildValue,PyDict_SetItemString,_Py_Dealloc,CloseHandle,GetLastError,__acrt_iob_func,fprintf,__acrt_iob_func,fprintf,__acrt_iob_func,fprintf,GetLastError,__acrt_iob_func,fprintf,__acrt_iob_func,PyErr_SetFromWindowsErr,_Py_Dealloc,_Py_Dealloc,CloseHandle, DeviceIoControl -> ERROR_NOT_SUPPORTED; ignore PhysicalDrive%i2_2_00007FFD93632B00
    Source: C:\Users\user\Desktop\7EznMik8Fw.exeProcess created: "C:\Users\user\Desktop\7EznMik8Fw.exe"
    Source: C:\Users\user\Desktop\7EznMik8Fw.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI43442\VCRUNTIME140_1.dllJump to dropped file
    Source: C:\Users\user\Desktop\7EznMik8Fw.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI43442\api-ms-win-core-localization-l1-2-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\7EznMik8Fw.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI43442\Crypto\Cipher\_chacha20.pydJump to dropped file
    Source: C:\Users\user\Desktop\7EznMik8Fw.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI43442\api-ms-win-core-timezone-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\7EznMik8Fw.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI43442\Crypto\Cipher\_raw_blowfish.pydJump to dropped file

    Boot Survival

    Source: C:\Users\user\Desktop\7EznMik8Fw.exe Code function: PyDict_New,swprintf_s,CreateFileA,DeviceIoControl,GetLastError,DeviceIoControl,swprintf_s,Py_BuildValue,PyDict_SetItemString,_Py_Dealloc,CloseHandle,GetLastError,__acrt_iob_func,fprintf,__acrt_iob_func,fprintf,__acrt_iob_func,fprintf,GetLastError,__acrt_iob_func,fprintf,__acrt_iob_func,PyErr_SetFromWindowsErr,_Py_Dealloc,_Py_Dealloc,CloseHandle, \\.\PhysicalDrive%d 2_2_00007FFD93632B00
    Source: C:\Users\user\Desktop\7EznMik8Fw.exe Code function: PyDict_New,swprintf_s,CreateFileA,DeviceIoControl,GetLastError,DeviceIoControl,swprintf_s,Py_BuildValue,PyDict_SetItemString,_Py_Dealloc,CloseHandle,GetLastError,__acrt_iob_func,fprintf,__acrt_iob_func,fprintf,__acrt_iob_func,fprintf,GetLastError,__acrt_iob_func,fprintf,__acrt_iob_func,PyErr_SetFromWindowsErr,_Py_Dealloc,_Py_Dealloc,CloseHandle, PhysicalDrive%i 2_2_00007FFD93632B00
    Source: C:\Users\user\Desktop\7EznMik8Fw.exe Code function: PyDict_New,swprintf_s,CreateFileA,DeviceIoControl,GetLastError,DeviceIoControl,swprintf_s,Py_BuildValue,PyDict_SetItemString,_Py_Dealloc,CloseHandle,GetLastError,__acrt_iob_func,fprintf,__acrt_iob_func,fprintf,__acrt_iob_func,fprintf,GetLastError,__acrt_iob_func,fprintf,__acrt_iob_func,PyErr_SetFromWindowsErr,_Py_Dealloc,_Py_Dealloc,CloseHandle, DeviceIoControl -> ERROR_INVALID_FUNCTION; ignore PhysicalDrive%i 2_2_00007FFD93632B00
    Source: C:\Users\user\Desktop\7EznMik8Fw.exe Code function: PyDict_New,swprintf_s,CreateFileA,DeviceIoControl,GetLastError,DeviceIoControl,swprintf_s,Py_BuildValue,PyDict_SetItemString,_Py_Dealloc,CloseHandle,GetLastError,__acrt_iob_func,fprintf,__acrt_iob_func,fprintf,__acrt_iob_func,fprintf,GetLastError,__acrt_iob_func,fprintf,__acrt_iob_func,PyErr_SetFromWindowsErr,_Py_Dealloc,_Py_Dealloc,CloseHandle, DeviceIoControl -> ERROR_NOT_SUPPORTED; ignore PhysicalDrive%i 2_2_00007FFD93632B00
    Source: C:\Users\user\Desktop\7EznMik8Fw.exe Code function: 2_2_00007FFD93638AA0 PyArg_ParseTuple,StartServiceA,CloseServiceHandle,CloseServiceHandle,_Py_NoneStruct,_Py_NoneStruct,2_2_00007FFD93638AA0
    Source: C:\Users\user\Desktop\7EznMik8Fw.exeCode function: 0_2_00007FF682E851E0 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,0_2_00007FF682E851E0
    Source: C:\Users\user\Desktop\7EznMik8Fw.exe Process information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\Desktop\7EznMik8Fw.exe Code function: PyList_New,OpenSCManagerA,GetLastError,PyErr_SetFromWindowsErrWithFilename,EnumServicesStatusExW,GetLastError,free,malloc,EnumServicesStatusExW,PyUnicode_FromWideChar,PyUnicode_FromWideChar,Py_BuildValue,PyList_Append,_Py_Dealloc,_Py_Dealloc,_Py_Dealloc,CloseServiceHandle,free,_Py_Dealloc,_Py_Dealloc,_Py_Dealloc,_Py_Dealloc,CloseServiceHandle,free,2_2_00007FFD93638170
    Source: C:\Users\user\Desktop\7EznMik8Fw.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI43442\api-ms-win-core-processenvironment-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\7EznMik8Fw.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI43442\unicodedata.pydJump to dropped file
    Source: C:\Users\user\Desktop\7EznMik8Fw.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI43442\api-ms-win-core-errorhandling-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\7EznMik8Fw.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI43442\api-ms-win-crt-convert-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\7EznMik8Fw.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI43442\pyexpat.pydJump to dropped file
    Source: C:\Users\user\Desktop\7EznMik8Fw.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI43442\Crypto\Util\_cpuid_c.pydJump to dropped file
    Source: C:\Users\user\Desktop\7EznMik8Fw.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI43442\_socket.pydJump to dropped file
    Source: C:\Users\user\Desktop\7EznMik8Fw.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI43442\api-ms-win-crt-heap-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\7EznMik8Fw.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI43442\Crypto\Cipher\_raw_ctr.pydJump to dropped file
    Source: C:\Users\user\Desktop\7EznMik8Fw.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI43442\select.pydJump to dropped file
    Source: C:\Users\user\Desktop\7EznMik8Fw.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI43442\Crypto\Hash\_ghash_clmul.pydJump to dropped file
    Source: C:\Users\user\Desktop\7EznMik8Fw.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI43442\api-ms-win-core-heap-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\7EznMik8Fw.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI43442\Crypto\Hash\_poly1305.pydJump to dropped file
    Source: C:\Users\user\Desktop\7EznMik8Fw.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI43442\_bz2.pydJump to dropped file
    Source: C:\Users\user\Desktop\7EznMik8Fw.exe Check user administrative privileges: GetTokenInformation,DecisionNodesgraph_0-16314
    Source: C:\Users\user\Desktop\7EznMik8Fw.exe API coverage: 1.5 %
    Source: C:\Users\user\Desktop\7EznMik8Fw.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Architecture FROM Win32_Processor
    Source: C:\Users\user\Desktop\7EznMik8Fw.exe Code function: 0_2_00007FF682E97E4C _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError,0_2_00007FF682E97E4C
    Source: C:\Users\user\Desktop\7EznMik8Fw.exe Code function: 0_2_00007FF682E888D0 FindFirstFileExW,FindClose,0_2_00007FF682E888D0
    Source: C:\Users\user\Desktop\7EznMik8Fw.exe Code function: 0_2_00007FF682EA1EE4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,0_2_00007FF682EA1EE4
    Source: C:\Users\user\Desktop\7EznMik8Fw.exe Code function: 2_2_00007FFD93632E70 memset,PyList_New,SetErrorMode,PyArg_ParseTuple,PyObject_IsTrue,PyEval_SaveThread,GetLogicalDriveStringsA,PyEval_RestoreThread,PyErr_SetFromWindowsErr,SetErrorMode,PyEval_SaveThread,GetDriveTypeA,PyEval_RestoreThread,GetVolumeInformationA,strcat_s,SetLastError,strcat_s,strcat_s,strcat_s,FindFirstVolumeMountPointA,strcpy_s,strcat_s,Py_BuildValue,PyList_Append,_Py_Dealloc,FindNextVolumeMountPointA,FindVolumeMountPointClose,strcat_s,strcat_s,Py_BuildValue,PyList_Append,_Py_Dealloc,strchr,SetErrorMode,FindVolumeMountPointClose,SetErrorMode,_Py_Dealloc,_Py_Dealloc,2_2_00007FFD93632E70
    Source: C:\Users\user\Desktop\7EznMik8Fw.exeCode function: 2_2_00007FFD936318C0 PyModule_Create2,getenv,RtlGetVersion,GetSystemInfo,InitializeCriticalSection,PyModule_GetState,PyErr_NewException,_Py_Dealloc,PyErr_NewException,PyModule_AddObject,PyErr_NewException,PyModule_AddObject,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,2_2_00007FFD936318C0
    Source: 7EznMik8Fw.exe, 00000002.00000002.3397240579.00000276F99DE000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWv
    Source: cacert.pem.0.dr Binary or memory string: j2aTPs+9xYa9+bG3tD60B8jzljHz7aRP+KNOjSkVWLjVb3/ubCK1sK9IRQq9qEmU
    Source: cacert.pem.0.dr Binary or memory string: zJVSk/BwJVmcIGfE7vmLV2H0knZ9P4SNVbfo5azV8fUZVqZa+5Acr5Pr5RzUZ5dd
    Source: C:\Users\user\Desktop\7EznMik8Fw.exe Code function: 0_2_00007FF682E9ABD8 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF682E9ABD8
    Source: C:\Users\user\Desktop\7EznMik8Fw.exe Code function: 0_2_00007FF682EA3AF0 GetProcessHeap,0_2_00007FF682EA3AF0
    Source: C:\Users\user\Desktop\7EznMik8Fw.exe Process token adjusted: Debug
    Source: C:\Users\user\Desktop\7EznMik8Fw.exe Code function: 0_2_00007FF682E8BCE0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00007FF682E8BCE0
    Source: C:\Users\user\Desktop\7EznMik8Fw.exe Code function: 0_2_00007FF682E8C760 SetUnhandledExceptionFilter,0_2_00007FF682E8C760
    Source: C:\Users\user\Desktop\7EznMik8Fw.exe Code function: 0_2_00007FF682E8C57C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF682E8C57C
    Source: C:\Users\user\Desktop\7EznMik8Fw.exe Code function: 2_2_00007FFD9363A978 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FFD9363A978
    Source: C:\Users\user\Desktop\7EznMik8Fw.exe Code function: 2_2_00007FFD9363A050 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FFD9363A050
    Source: C:\Users\user\Desktop\7EznMik8Fw.exe Code function: 2_2_00007FFD9377ABE0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FFD9377ABE0
    Source: C:\Users\user\Desktop\7EznMik8Fw.exe Code function: 2_2_00007FFD937C2AA0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FFD937C2AA0
    Source: C:\Users\user\Desktop\7EznMik8Fw.exe Code function: 2_2_00007FFD937C3068 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FFD937C3068
    Source: C:\Users\user\Desktop\7EznMik8Fw.exe Code function: 2_2_00007FFD938E2126 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FFD938E2126
    Source: C:\Users\user\Desktop\7EznMik8Fw.exe Process created: C:\Users\user\Desktop\7EznMik8Fw.exe "C:\Users\user\Desktop\7EznMik8Fw.exe"
    Source: C:\Users\user\Desktop\7EznMik8Fw.exe Code function: 0_2_00007FF682EA9E40 cpuid 0_2_00007FF682EA9E40
    Source: C:\Users\user\Desktop\7EznMik8Fw.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI43442\Crypto VolumeInformation
    Source: C:\Users\user\Desktop\7EznMik8Fw.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI43442\Crypto\Cipher VolumeInformation
    Source: C:\Users\user\Desktop\7EznMik8Fw.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI43442\Crypto\Hash VolumeInformation
    Source: C:\Users\user\Desktop\7EznMik8Fw.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI43442\Crypto\PublicKey VolumeInformation
    Source: C:\Users\user\Desktop\7EznMik8Fw.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI43442\Crypto\Util VolumeInformation
    Source: C:\Users\user\Desktop\7EznMik8Fw.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI43442\certifi VolumeInformation
    Source: C:\Users\user\Desktop\7EznMik8Fw.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI43442\cryptography-41.0.7.dist-info VolumeInformation
    Source: C:\Users\user\Desktop\7EznMik8Fw.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI43442\win32 VolumeInformation
    Source: C:\Users\user\Desktop\7EznMik8Fw.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI43442\ucrtbase.dll VolumeInformation
    Source: C:\Users\user\Desktop\7EznMik8Fw.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI43442\base_library.zip VolumeInformation
    Source: C:\Users\user\Desktop\7EznMik8Fw.exe Queries volume information: C:\Users\user\Desktop\7EznMik8Fw.exe VolumeInformation
    Source: C:\Users\user\Desktop\7EznMik8Fw.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI43442 VolumeInformation
    Source: C:\Users\user\Desktop\7EznMik8Fw.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI43442\_bz2.pyd VolumeInformation
    Source: C:\Users\user\Desktop\7EznMik8Fw.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI43442\_lzma.pyd VolumeInformation
    Source: C:\Users\user\Desktop\7EznMik8Fw.exeQueries volume information: C:\Users\user\Desktop\7EznMik8Fw.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\7EznMik8Fw.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI43442\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\7EznMik8Fw.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI43442\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\7EznMik8Fw.exeQueries volume information: C:\Users\user\Desktop\7EznMik8Fw.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\7EznMik8Fw.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI43442\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\7EznMik8Fw.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI43442\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\7EznMik8Fw.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI43442 VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\7EznMik8Fw.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI43442\win32 VolumeInformation
    Source: C:\Users\user\Desktop\7EznMik8Fw.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI43442\pywin32_system32 VolumeInformation
    Source: C:\Users\user\Desktop\7EznMik8Fw.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI43442\_wmi.pyd VolumeInformation
    Source: C:\Users\user\Desktop\7EznMik8Fw.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI43442\_socket.pyd VolumeInformation
    Source: C:\Users\user\Desktop\7EznMik8Fw.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI43442\select.pyd VolumeInformation
    Source: C:\Users\user\Desktop\7EznMik8Fw.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI43442\_queue.pyd VolumeInformation
    Source: C:\Users\user\Desktop\7EznMik8Fw.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI43442\_ssl.pyd VolumeInformation
    Source: C:\Users\user\Desktop\7EznMik8Fw.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI43442\_asyncio.pyd VolumeInformation
    Source: C:\Users\user\Desktop\7EznMik8Fw.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI43442\_overlapped.pyd VolumeInformation
    Source: C:\Users\user\Desktop\7EznMik8Fw.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI43442\pyexpat.pyd VolumeInformation
    Source: C:\Users\user\Desktop\7EznMik8Fw.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI43442\win32 VolumeInformation
    Source: C:\Users\user\Desktop\7EznMik8Fw.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI43442\pywin32_system32 VolumeInformation
    Source: C:\Users\user\Desktop\7EznMik8Fw.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI43442\_hashlib.pyd VolumeInformation
    Source: C:\Users\user\Desktop\7EznMik8Fw.exe Code function: 0_2_00007FF682E8C460 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,0_2_00007FF682E8C460
    Source: C:\Users\user\Desktop\7EznMik8Fw.exe Code function: 0_2_00007FF682EA6370 _get_daylight,_get_daylight,_get_daylight,_get_daylight,_get_daylight,GetTimeZoneInformation,0_2_00007FF682EA6370
    Source: C:\Users\user\Desktop\7EznMik8Fw.exeCode function: 2_2_00007FFD936318C0 PyModule_Create2,getenv,RtlGetVersion,GetSystemInfo,InitializeCriticalSection,PyModule_GetState,PyErr_NewException,_Py_Dealloc,PyErr_NewException,PyModule_AddObject,PyErr_NewException,PyModule_AddObject,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,2_2_00007FFD936318C0

    Stealing of Sensitive Information

    Source: Yara match, File source: Process Memory Space: 7EznMik8Fw.exe PID: 4196, type: MEMORYSTR

    Remote Access Functionality

    Source: Yara match, File source: Process Memory Space: 7EznMik8Fw.exe PID: 4196, type: MEMORYSTR
    Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties; DNS; Network Trust Dependencies
    Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet; Web Services; Serverless
    Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise
    Execution: 11 Windows Management Instrumentation; 2 Service Execution; 1 Native API; Cron; Launchd; Scheduled Task; Systemd Timers; Container Orchestration Job
    Persistence: 1 Windows Service; 1 Bootkit; 1 DLL Side-Loading; Login Hook; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job
    Privilege Escalation: 1 Access Token Manipulation; 1 Windows Service; 11 Process Injection; 1 DLL Side-Loading; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job
    Defense Evasion: 1 Virtualization/Sandbox Evasion; 1 Access Token Manipulation; 11 Process Injection; 1 Deobfuscate/Decode Files or Information; 2 Obfuscated Files or Information; 1 Bootkit; 1 Timestomp; 1 DLL Side-Loading
    Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync; Proc Filesystem
    Discovery: 2 System Time Discovery; 31 Security Software Discovery; 1 Virtualization/Sandbox Evasion; 1 Process Discovery; 1 System Service Discovery; 2 File and Directory Discovery; 26 System Information Discovery; System Owner/User Discovery
    Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management; Cloud Services
    Collection: 1 Archive Collected Data; Data from Removable Media; Data from Network Shared Drive; Input Capture; Keylogging; GUI Input Capture; Web Portal Capture; Credential API Hooking
    Command and Control: 22 Encrypted Channel; 1 Non-Application Layer Protocol; 2 Application Layer Protocol; Protocol Impersonation; Fallback Channels; Multiband Communication; Commonly Used Port; Application Layer Protocol
    Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel; Exfiltration Over Alternative Protocol
    Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop; Inhibit System Recovery; Defacement
    Source | Detection | Scanner | Label | Link
    7EznMik8Fw.exe | 29% | ReversingLabs | Win32.Ransomware.Generic |
    7EznMik8Fw.exe | 100% | Avira | TR/PSW.Agent.tqqnk |
    No Antivirus matches
    Source | Detection | Scanner | Label | Link
    http://repository.swisssign.com/N | 0% | Avira URL Cloud | safe |
    https://urllib3.readthedocs.io/en/latest/advanced-usage.html#https-proxy-error-http-proxyP | 0% | Avira URL Cloud | safe |
    http://repository.swisssign.com/per | 0% | Avira URL Cloud | safe |
    Name | IP | Active | Malicious | Antivirus Detection | Reputation
    httpbin.org | 34.224.200.202 | true | false | | high
      Name | Source | Malicious | Antivirus Detection | Reputation
                                                                                  high
                                                                                  https://github.com/python/cpython/issues/86361.7EznMik8Fw.exe, 00000002.00000003.2162778218.00000276F9F8C000.00000004.00000020.00020000.00000000.sdmp, 7EznMik8Fw.exe, 00000002.00000003.2162306851.00000276F9F54000.00000004.00000020.00020000.00000000.sdmp, 7EznMik8Fw.exe, 00000002.00000002.3397548789.00000276F9F32000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                    high
                                                                                    http://crl.securetrust.com/STCA.crlt7EznMik8Fw.exe, 00000002.00000002.3399224716.00000276FAEFB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      high
                                                                                      http://mail.python.org/pipermail/python-dev/2012-June/120787.html.7EznMik8Fw.exe, 00000002.00000002.3400306980.00000276FBA8C000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                        high
                                                                                        https://httpbin.org/7EznMik8Fw.exe, 00000002.00000002.3397240579.00000276F9990000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          high
                                                                                          https://www.apache.org/licenses/LICENSE.APACHE.0.drfalse
                                                                                            high
                                                                                            https://github.com/pyca/cryptography/workflows/CI/badge.svg?branch=mainMETADATA.0.drfalse
                                                                                              high
                                                                                              https://wwww.certigna.fr/autorites/7EznMik8Fw.exe, 00000002.00000002.3399385291.00000276FB13C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                high
                                                                                                https://cryptography.io/en/latest/faq/#why-can-t-i-import-my-pem-file7EznMik8Fw.exe, 00000002.00000002.3401529100.00007FFD93003000.00000002.00000001.01000000.00000020.sdmpfalse
                                                                                                  high
                                                                                                  https://www-cs-faculty.stanford.edu/~knuth/fasc2a.ps.gz7EznMik8Fw.exe, 00000002.00000002.3397928807.00000276FA220000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                    high
                                                                                                    https://busquedasxurl.com/login/conexion/bloqueadoreslogs.php?ip=7EznMik8Fw.exe, 00000002.00000002.3399038264.00000276FACC0000.00000004.00001000.00020000.00000000.sdmp, 7EznMik8Fw.exe, 00000002.00000003.2172017054.00000276FA4DB000.00000004.00000020.00020000.00000000.sdmp, 7EznMik8Fw.exe, 00000002.00000002.3397928807.00000276FA4DB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      high
                                                                                                      https://packaging.python.org/en/latest/guides/packaging-namespace-packages/.7EznMik8Fw.exe, 00000002.00000002.3398721697.00000276FA850000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                        high
                                                                                                        http://hg.python.org/cpython/file/603b4d593758/Lib/socket.py#l5357EznMik8Fw.exe, 00000002.00000003.2172357597.00000276FA330000.00000004.00000020.00020000.00000000.sdmp, 7EznMik8Fw.exe, 00000002.00000002.3397928807.00000276FA330000.00000004.00000020.00020000.00000000.sdmp, 7EznMik8Fw.exe, 00000002.00000002.3397548789.00000276F9E00000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                          high
                                                                                                          https://cryptography.io/en/latest/installation/METADATA.0.drfalse
                                                                                                            high
                                                                                                            https://github.com/Unidata/MetPy/blob/a3424de66a44bf3a92b0dcacf4dff82ad7b86712/src/metpy/plots/wx_sy7EznMik8Fw.exe, 00000002.00000003.2160128430.00000276F99C1000.00000004.00000020.00020000.00000000.sdmp, 7EznMik8Fw.exe, 00000002.00000002.3397240579.00000276F9990000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                              high
                                                                                                              https://www.python.org/psf/license/7EznMik8Fw.exe, 00000002.00000002.3404019248.00007FFD9442C000.00000008.00000001.01000000.00000005.sdmpfalse
                                                                                                                high
                                                                                                                https://docs.python.org/3/library/multiprocessing.html7EznMik8Fw.exe, 00000002.00000002.3397548789.00000276F9F32000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                  high
                                                                                                                  https://github.com/pypa/setuptools/issues/417#issuecomment-3922984017EznMik8Fw.exe, 00000002.00000002.3397454008.00000276F9D00000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                    high
                                                                                                                    http://crl.securetrust.com/STCA.crl7EznMik8Fw.exe, 00000002.00000002.3399224716.00000276FAEFB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                      high
                                                                                                                      https://urllib3.readthedocs.io/en/latest/advanced-usage.html#https-proxy-error-http-proxyP7EznMik8Fw.exe, 00000002.00000002.3400092589.00000276FB7C0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                      • Avira URL Cloud: safe
                                                                                                                      unknown
                                                                                                                      http://wwwsearch.sf.net/):7EznMik8Fw.exe, 00000002.00000003.2172017054.00000276FA5AF000.00000004.00000020.00020000.00000000.sdmp, 7EznMik8Fw.exe, 00000002.00000002.3397928807.00000276FA5AF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                        high
                                                                                                                        http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1.crt07EznMik8Fw.exe, 00000002.00000002.3399385291.00000276FB13C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                          high
                                                                                                                          http://www.accv.es/legislacion_c.htm7EznMik8Fw.exe, 00000002.00000002.3399385291.00000276FB13C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                            high
                                                                                                                            http://tools.ietf.org/html/rfc6125#section-6.4.37EznMik8Fw.exe, 00000002.00000002.3400092589.00000276FB7C0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                              high
                                                                                                                              https://cryptography.io/en/latest/security/METADATA.0.drfalse
                                                                                                                                high
                                                                                                                                https://cffi.readthedocs.io/en/latest/using.html#callbacks7EznMik8Fw.exe, 00000002.00000002.3405122309.00007FFD9DA3D000.00000002.00000001.01000000.00000021.sdmpfalse
                                                                                                                                  high
                                                                                                                                  http://crl.xrampsecurity.com/XGCA.crl07EznMik8Fw.exe, 00000002.00000002.3399385291.00000276FB04A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                    high
                                                                                                                                    https://bugs.python.org/issue44497.7EznMik8Fw.exe, 00000002.00000002.3397836333.00000276FA120000.00000004.00001000.00020000.00000000.sdmp, 7EznMik8Fw.exe, 00000002.00000002.3398543024.00000276FA620000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                      high
                                                                                                                                      http://www.cert.fnmt.es/dpcs/7EznMik8Fw.exe, 00000002.00000002.3399385291.00000276FB13C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                        high
                                                                                                                                        https://google.com/mail7EznMik8Fw.exe, 00000002.00000003.2172357597.00000276FA42C000.00000004.00000020.00020000.00000000.sdmp, 7EznMik8Fw.exe, 00000002.00000002.3397928807.00000276FA42C000.00000004.00000020.00020000.00000000.sdmp, 7EznMik8Fw.exe, 00000002.00000003.2172017054.00000276FA4DB000.00000004.00000020.00020000.00000000.sdmp, 7EznMik8Fw.exe, 00000002.00000002.3397928807.00000276FA4DB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                          high
                                                                                                                                          http://crl.dhimyotis.com/certignarootca.crlyA7EznMik8Fw.exe, 00000002.00000002.3398450388.00000276FA60D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                            high
                                                                                                                                            https://packaging.python.org/specifications/entry-points/7EznMik8Fw.exe, 00000002.00000002.3397836333.00000276FA120000.00000004.00001000.00020000.00000000.sdmp, 7EznMik8Fw.exe, 00000002.00000002.3398543024.00000276FA620000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                              high
                                                                                                                                              https://github.com/jaraco/jaraco.functools/issues/57EznMik8Fw.exe, 00000002.00000002.3398629405.00000276FA730000.00000004.00001000.00020000.00000000.sdmp, 7EznMik8Fw.exe, 00000002.00000002.3399132005.00000276FADC0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                high
                                                                                                                                                http://www.accv.es007EznMik8Fw.exe, 00000002.00000002.3399385291.00000276FB13C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                  high
                                                                                                                                                  https://www.python.org/psf/license/)7EznMik8Fw.exe, 00000002.00000002.3403635102.00007FFD942B4000.00000002.00000001.01000000.00000005.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/abc.py7EznMik8Fw.exe, 00000002.00000002.3397240579.00000276F9990000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                      high
                                                                                                                                                      http://www.rfc-editor.org/info/rfc72537EznMik8Fw.exe, 00000002.00000002.3397928807.00000276FA220000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                        high
                                                                                                                                                        https://github.com/pyca/cryptography/issuesMETADATA.0.drfalse
                                                                                                                                                          high
                                                                                                                                                          http://csrc.nist.gov/publications/nistpubs/800-38C/SP800-38C.pdf7EznMik8Fw.exe, 00000002.00000003.2172357597.00000276FA42C000.00000004.00000020.00020000.00000000.sdmp, 7EznMik8Fw.exe, 00000002.00000002.3397928807.00000276FA42C000.00000004.00000020.00020000.00000000.sdmp, 7EznMik8Fw.exe, 00000002.00000002.3397928807.00000276FA220000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                            high
                                                                                                                                                            https://readthedocs.org/projects/cryptography/badge/?version=latestMETADATA.0.drfalse
                                                                                                                                                              high
                                                                                                                                                              https://foss.heptapod.net/pypy/pypy/-/issues/35397EznMik8Fw.exe, 00000002.00000002.3400092589.00000276FB7C0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                high
                                                                                                                                                                https://github.com/urllib3/urllib3/issues/2513#issuecomment-1152559900.7EznMik8Fw.exe, 00000002.00000003.2172773300.00000276FAEFB000.00000004.00000020.00020000.00000000.sdmp, 7EznMik8Fw.exe, 00000002.00000002.3399224716.00000276FAEFB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                  high
                                                                                                                                                                  http://google.com/7EznMik8Fw.exe, 00000002.00000002.3398450388.00000276FA5F9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                    high
                                                                                                                                                                    http://repository.swisssign.com/per7EznMik8Fw.exe, 00000002.00000002.3397928807.00000276FA330000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                    • Avira URL Cloud: safe
                                                                                                                                                                    unknown
                                                                                                                                                                    https://mahler:8092/site-updates.py7EznMik8Fw.exe, 00000002.00000003.2172773300.00000276FAEFB000.00000004.00000020.00020000.00000000.sdmp, 7EznMik8Fw.exe, 00000002.00000002.3399385291.00000276FAFBB000.00000004.00000020.00020000.00000000.sdmp, 7EznMik8Fw.exe, 00000002.00000002.3399224716.00000276FAEFB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                      high
                                                                                                                                                                      http://crl.securetrust.com/SGCA.crl7EznMik8Fw.exe, 00000002.00000002.3399224716.00000276FAEFB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                        high
                                                                                                                                                                        http://.../back.jpeg7EznMik8Fw.exe, 00000002.00000002.3400092589.00000276FB7C0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                          high
                                                                                                                                                                          https://tools.ietf.org/html/rfc7231#section-4.3.6)7EznMik8Fw.exe, 00000002.00000002.3397928807.00000276FA220000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                            high
                                                                                                                                                                            http://tools.ietf.org/html/rfc58697EznMik8Fw.exe, 00000002.00000003.2172017054.00000276FA4A8000.00000004.00000020.00020000.00000000.sdmp, 7EznMik8Fw.exe, 00000002.00000002.3397928807.00000276FA4A8000.00000004.00000020.00020000.00000000.sdmp, 7EznMik8Fw.exe, 00000002.00000003.2172635006.00000276FA60D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                              high
                                                                                                                                                                              https://github.com/pyca/cryptographyMETADATA.0.drfalse
                                                                                                                                                                                high
                                                                                                                                                                                https://www.python.org/download/releases/2.3/mro/.7EznMik8Fw.exe, 00000002.00000002.3397104151.00000276F9880000.00000004.00001000.00020000.00000000.sdmp, 7EznMik8Fw.exe, 00000002.00000003.2160714646.00000276F9A14000.00000004.00000020.00020000.00000000.sdmp, base_library.zip.0.drfalse
                                                                                                                                                                                  high
                                                                                                                                                                                  http://blog.cryptographyusering.com/2012/05/how-to-choose-authenticated-encryption.html7EznMik8Fw.exe, 00000002.00000003.2172773300.00000276FAEFB000.00000004.00000020.00020000.00000000.sdmp, 7EznMik8Fw.exe, 00000002.00000002.3398450388.00000276FA60D000.00000004.00000020.00020000.00000000.sdmp, 7EznMik8Fw.exe, 00000002.00000003.2172357597.00000276FA42C000.00000004.00000020.00020000.00000000.sdmp, 7EznMik8Fw.exe, 00000002.00000003.2172017054.00000276FA4A8000.00000004.00000020.00020000.00000000.sdmp, 7EznMik8Fw.exe, 00000002.00000002.3397928807.00000276FA42C000.00000004.00000020.00020000.00000000.sdmp, 7EznMik8Fw.exe, 00000002.00000003.2172017054.00000276FA4DB000.00000004.00000020.00020000.00000000.sdmp, 7EznMik8Fw.exe, 00000002.00000002.3397928807.00000276FA4A8000.00000004.00000020.00020000.00000000.sdmp, 7EznMik8Fw.exe, 00000002.00000002.3397928807.00000276FA4DB000.00000004.00000020.00020000.00000000.sdmp, 7EznMik8Fw.exe, 00000002.00000002.3399385291.00000276FAFBB000.00000004.00000020.00020000.00000000.sdmp, 7EznMik8Fw.exe, 00000002.00000002.3397928807.00000276FA220000.00000004.00000020.00020000.00000000.sdmp, 7EznMik8Fw.exe, 00000002.00000003.2172635006.00000276FA60D000.00000004.00000020.00020000.00000000.sdmp, 7EznMik8Fw.exe, 00000002.00000002.3399224716.00000276FAEFB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                    high
                                                                                                                                                                                    https://cryptography.io/METADATA.0.drfalse
                                                                                                                                                                                      high
                                                                                                                                                                                      https://httpbin.org/post7EznMik8Fw.exe, 00000002.00000003.2172017054.00000276FA4DB000.00000004.00000020.00020000.00000000.sdmp, 7EznMik8Fw.exe, 00000002.00000002.3397928807.00000276FA4DB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                        high
                                                                                                                                                                                        https://github.com/pyca/cryptography/METADATA.0.drfalse
                                                                                                                                                                                          high
                                                                                                                                                                                          https://github.com/Ousret/charset_normalizer7EznMik8Fw.exe, 00000002.00000003.2172773300.00000276FAEFB000.00000004.00000020.00020000.00000000.sdmp, 7EznMik8Fw.exe, 00000002.00000002.3399224716.00000276FAEFB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                            high
                                                                                                                                                                                            http://www.firmaprofesional.com/cps07EznMik8Fw.exe, 00000002.00000002.3397928807.00000276FA415000.00000004.00000020.00020000.00000000.sdmp, 7EznMik8Fw.exe, 00000002.00000002.3397928807.00000276FA330000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                              high
IP | Domain | Country | Flag | ASN | ASN Name | Malicious
34.224.200.202 | httpbin.org | United States | | 14618 | AMAZON-AESUS | false
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1571343
Start date and time: 2024-12-09 10:07:48 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 8m 46s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 5
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: 7EznMik8Fw.exe
renamed because original name is a hash value
Original Sample Name: fc5586ca851cbf4eed21ae5c11b8e5d7c23379561016f779f5fe346439e2f55d.exe
Detection: MAL
Classification: mal72.troj.evad.winEXE@3/122@1/1
EGA Information:
• Successful, ratio: 100%
HCA Information:
• Successful, ratio: 96%
• Number of executed functions: 48
• Number of non-executed functions: 316
Cookbook Comments:
• Found application associated with file extension: .exe
• Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
• Excluded domains from analysis (whitelisted): client.wns.windows.com, ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Report size exceeded maximum capacity and may have missing disassembly code.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Report size getting too big, too many NtQueryVolumeInformationFile calls found.
• VT rate limit hit for: 7EznMik8Fw.exe
                                                                                                                                                                                                        No simulations
                                                                                                                                                                                                                            No context
Process: C:\Users\user\Desktop\7EznMik8Fw.exe
File Type: PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category: dropped
Size (bytes): 11264
Entropy (8bit): 4.703513333396807
Encrypted: false
SSDEEP: 96:nDzb9VD9daQ2iTrqT+6Zdp/Q0I1uLfcC75JiC4Rs89EcYyGDV90OcX6gY/7ECFV:Dzz9damqTrpYTst0E5DVPcqgY/79X
MD5: 6176101B7C377A32C01AE3EDB7FD4DE6
SHA1: 5F1CB443F9D677F313BEC07C5241AEAB57502F5E
SHA-256: EFEA361311923189ECBE3240111EFBA329752D30457E0DBE9628A82905CD4BDB
SHA-512: 3E7373B71AE0834E96A99595CFEF2E96C0F5230429ADC0B5512F4089D1ED0D7F7F0E32A40584DFB13C41D257712A9C4E9722366F0A21B907798AE79D8CEDCF30
Malicious: false
                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                Joe Sandbox View:
• Filename: JxrkpYVdCp.exe, Detection: malicious
• Filename: hSyJxPUUDx.exe, Detection: malicious
• Filename: u08NgsGNym.exe, Detection: malicious
• Filename: MkWMm5piE5.exe, Detection: malicious
• Filename: L5OMdZqWzq.exe, Detection: malicious
• Filename: ssPp3zvWwN.exe, Detection: malicious
• Filename: okG6LaM2yP.exe, Detection: malicious
• Filename: I6H1RkEHlX.exe, Detection: malicious
• Filename: hKgrI6tqYx.exe, Detection: malicious
• Filename: 33sKdwH6im.exe, Detection: malicious
                                                                                                                                                                                                                                                Reputation:moderate, very likely benign file
                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\7EznMik8Fw.exe
                                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):13312
                                                                                                                                                                                                                                                Entropy (8bit):4.968452734961967
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:96:JF3TgNlF/1Nt5aSd4+1ijg0NLfFNJSCqsstXHTeH5ht47qMbxbfDqbwYH/kcX6gT:WF/1nb2mhQtkXHTeZ87VDqrMcqgYvEp
                                                                                                                                                                                                                                                MD5:371776A7E26BAEB3F75C93A8364C9AE0
                                                                                                                                                                                                                                                SHA1:BF60B2177171BA1C6B4351E6178529D4B082BDA9
                                                                                                                                                                                                                                                SHA-256:15257E96D1CA8480B8CB98F4C79B6E365FE38A1BA9638FC8C9AB7FFEA79C4762
                                                                                                                                                                                                                                                SHA-512:C23548FBCD1713C4D8348917FF2AB623C404FB0E9566AB93D147C62E06F51E63BDAA347F2D203FE4F046CE49943B38E3E9FA1433F6455C97379F2BC641AE7CE9
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                Reputation:moderate, very likely benign file
                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\7EznMik8Fw.exe
                                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):13824
                                                                                                                                                                                                                                                Entropy (8bit):5.061461040216793
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:ldF/1nb2mhQtkXn0t/WS60YYDEiqvdvGyv9lkVcqgYvEMo:v2f6XSZ6XYD6vdvGyv9MgYvEMo
                                                                                                                                                                                                                                                MD5:CB5238E2D4149636377F9A1E2AF6DC57
                                                                                                                                                                                                                                                SHA1:038253BABC9E652BA4A20116886209E2BCCF35AC
                                                                                                                                                                                                                                                SHA-256:A8D3BB9CD6A78EBDB4F18693E68B659080D08CB537F9630D279EC9F26772EFC7
                                                                                                                                                                                                                                                SHA-512:B1E6AB509CF1E5ECC6A60455D6900A76514F8DF43F3ABC3B8D36AF59A3DF8A868B489ED0B145D0D799AAC8672CBF5827C503F383D3F38069ABF6056ECCD87B21
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                Reputation:moderate, very likely benign file
                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\7EznMik8Fw.exe
                                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):13824
                                                                                                                                                                                                                                                Entropy (8bit):5.236167046748013
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:/siHXqpoUol3xZhRyQX5lDnRDFYav+tcqgRvE:h6D+XBDgDgRvE
                                                                                                                                                                                                                                                MD5:D9E7218460AEE693BEA07DA7C2B40177
                                                                                                                                                                                                                                                SHA1:9264D749748D8C98D35B27BEFE6247DA23FF103D
                                                                                                                                                                                                                                                SHA-256:38E423D3BCC32EE6730941B19B7D5D8872C0D30D3DD8F9AAE1442CB052C599AD
                                                                                                                                                                                                                                                SHA-512:DDB579E2DEA9D266254C0D9E23038274D9AE33F0756419FD53EC6DC1A27D1540828EE8F4AD421A5CFFD9B805F1A68F26E70BDC1BAB69834E8ACD6D7BB7BDB0DB
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\7EznMik8Fw.exe
                                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):36352
                                                                                                                                                                                                                                                Entropy (8bit):6.558176937399355
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:384:Dz2P+7nYpPMedFDlDchrVX1mEVmT9ZgkoD/PKDkGuF0U390QOo8VdbKBWmuCLg46:DzeqWB7YJlmLJ3oD/S4j990th9VCsC
                                                                                                                                                                                                                                                MD5:F751792DF10CDEED391D361E82DAF596
                                                                                                                                                                                                                                                SHA1:3440738AF3C88A4255506B55A673398838B4CEAC
                                                                                                                                                                                                                                                SHA-256:9524D1DADCD2F2B0190C1B8EDE8E5199706F3D6C19D3FB005809ED4FEBF3E8B5
                                                                                                                                                                                                                                                SHA-512:6159F245418AB7AD897B02F1AADF1079608E533B9C75006EFAF24717917EAA159846EE5DFC0E85C6CFF8810319EFECBA80C1D51D1F115F00EC1AFF253E312C00
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\7EznMik8Fw.exe
                                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):15872
                                                                                                                                                                                                                                                Entropy (8bit):5.285191078037458
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:wJBjJHEkEPYi3Xd+dc26E4++yuqAyXW9wifD4jqccqgwYUMvEW:ikRwi3wO26Ef+yuIm9PfD7wgwYUMvE
                                                                                                                                                                                                                                                MD5:BBEA5FFAE18BF0B5679D5C5BCD762D5A
                                                                                                                                                                                                                                                SHA1:D7C2721795113370377A1C60E5CEF393473F0CC5
                                                                                                                                                                                                                                                SHA-256:1F4288A098DA3AAC2ADD54E83C8C9F2041EC895263F20576417A92E1E5B421C1
                                                                                                                                                                                                                                                SHA-512:0932EC5E69696D6DD559C30C19FC5A481BEFA38539013B9541D84499F2B6834A2FFE64A1008A1724E456FF15DDA6268B7B0AD8BA14918E2333567277B3716CC4
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\7EznMik8Fw.exe
                                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):16384
                                                                                                                                                                                                                                                Entropy (8bit):5.505471888568532
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:vd9VkyQ5f8vjVaCHpKpTTjaNe7oca2DW3Q2dhmdcqgwNeecBih:JkP5cjIGpKlqD2D4kzgwNeE
                                                                                                                                                                                                                                                MD5:D2175300E065347D13211F5BF7581602
                                                                                                                                                                                                                                                SHA1:3AE92C0B0ECDA1F6B240096A4E68D16D3DB1FFB0
                                                                                                                                                                                                                                                SHA-256:94556934E3F9EE73C77552D2F3FC369C02D62A4C9E7143E472F8E3EE8C00AEE1
                                                                                                                                                                                                                                                SHA-512:6156D744800206A431DEE418A1C561FFB45D726DC75467A91D26EE98503B280C6595CDEA02BDA6A023235BD010835EA1FC9CB843E9FEC3501980B47B6B490AF7
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\7EznMik8Fw.exe
                                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):20992
                                                                                                                                                                                                                                                Entropy (8bit):6.06124024160806
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:384:bUv5cJMOZA0nmwBD+XpJgLa0Mp8Qpg4P2llyM:0K1XBD+DgLa1yTi
                                                                                                                                                                                                                                                MD5:45616B10ABE82D5BB18B9C3AB446E113
                                                                                                                                                                                                                                                SHA1:91B2C0B0F690AE3ABFD9B0B92A9EA6167049B818
                                                                                                                                                                                                                                                SHA-256:F348DB1843B8F38A23AEE09DD52FB50D3771361C0D529C9C9E142A251CC1D1EC
                                                                                                                                                                                                                                                SHA-512:ACEA8C1A3A1FA19034FD913C8BE93D5E273B7719D76CB71C36F510042918EA1D9B44AC84D849570F9508D635B4829D3E10C36A461EC63825BA178F5AC1DE85FB
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\7EznMik8Fw.exe
                                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):25088
                                                                                                                                                                                                                                                Entropy (8bit):6.475467273446457
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:384:oc6HLZiMDFuGu+XHZXmrfXA+UA10ol31tuXy4IYgLWi:B6H1TZXX5XmrXA+NNxWiFdLWi
                                                                                                                                                                                                                                                MD5:CF3C2F35C37AA066FA06113839C8A857
                                                                                                                                                                                                                                                SHA1:39F3B0AEFB771D871A93681B780DA3BD85A6EDD0
                                                                                                                                                                                                                                                SHA-256:1261783F8881642C3466B96FA5879A492EA9E0DAB41284ED9E4A82E8BCF00C80
                                                                                                                                                                                                                                                SHA-512:1C36B80AAE49FD5E826E95D83297AE153FDB2BC652A47D853DF31449E99D5C29F42ED82671E2996AF60DCFB862EC5536BB0A68635D4E33D33F8901711C0C8BE6
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\7EznMik8Fw.exe
                                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):12288
                                                                                                                                                                                                                                                Entropy (8bit):4.838534302892255
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:0F/1nb2mhQtkr+juOxKbDbnHcqgYvEkrK:u2f6iuOsbDtgYvEmK
                                                                                                                                                                                                                                                MD5:20708935FDD89B3EDDEEA27D4D0EA52A
                                                                                                                                                                                                                                                SHA1:85A9FE2C7C5D97FD02B47327E431D88A1DC865F7
                                                                                                                                                                                                                                                SHA-256:11DD1B49F70DB23617E84E08E709D4A9C86759D911A24EBDDFB91C414CC7F375
                                                                                                                                                                                                                                                SHA-512:F28C31B425DC38B5E9AD87B95E8071997E4A6F444608E57867016178CD0CA3E9F73A4B7F2A0A704E45F75B7DCFF54490510C6BF8461F3261F676E9294506D09B
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\7EznMik8Fw.exe
                                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):13824
                                                                                                                                                                                                                                                Entropy (8bit):4.9047185025862925
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:NRgPX8lvI+KnwSDTPUDEhKWPXcqgzQkvEd:2og9rUD9mpgzQkvE
                                                                                                                                                                                                                                                MD5:43BBE5D04460BD5847000804234321A6
                                                                                                                                                                                                                                                SHA1:3CAE8C4982BBD73AF26EB8C6413671425828DBB7
                                                                                                                                                                                                                                                SHA-256:FAA41385D0DB8D4EE2EE74EE540BC879CF2E884BEE87655FF3C89C8C517EED45
                                                                                                                                                                                                                                                SHA-512:DBC60F1D11D63BEBBAB3C742FB827EFBDE6DFF3C563AE1703892D5643D5906751DB3815B97CBFB7DA5FCD306017E4A1CDCC0CDD0E61ADF20E0816F9C88FE2C9B
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\7EznMik8Fw.exe
                                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):14848
                                                                                                                                                                                                                                                Entropy (8bit):5.300163691206422
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:j0J1gSHxKkwv0i8XSi3Sm57NEEE/qexUEtDrdkrRcqgUF6+6vEX:jM01si8XSi3SACqe7tDeDgUUjvE
                                                                                                                                                                                                                                                MD5:C6B20332B4814799E643BADFFD8DF2CD
                                                                                                                                                                                                                                                SHA1:E7DA1C1F09F6EC9A84AF0AB0616AFEA55A58E984
                                                                                                                                                                                                                                                SHA-256:61C7A532E108F67874EF2E17244358DF19158F6142680F5B21032BA4889AC5D8
                                                                                                                                                                                                                                                SHA-512:D50C7F67D2DFB268AD4CF18E16159604B6E8A50EA4F0C9137E26619FD7835FAAD323B5F6A2B8E3EC1C023E0678BCBE5D0F867CD711C5CD405BD207212228B2B4
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\7EznMik8Fw.exe
                                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):57856
                                                                                                                                                                                                                                                Entropy (8bit):4.260220483695234
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:384:9XUqVT1dZ/GHkJnYcZiGKdZHDLtiduprZNZY0JAIg+v:99HGHfJidSK
                                                                                                                                                                                                                                                MD5:0B538205388FDD99A043EE3AFAA074E4
                                                                                                                                                                                                                                                SHA1:E0DD9306F1DBE78F7F45A94834783E7E886EB70F
                                                                                                                                                                                                                                                SHA-256:C4769D3E6EB2A2FECB5DEC602D45D3E785C63BB96297268E3ED069CC4A019B1A
                                                                                                                                                                                                                                                SHA-512:2F4109E42DB7BC72EB50BCCC21EB200095312EA00763A255A38A4E35A77C04607E1DB7BB69A11E1D80532767B20BAA4860C05F52F32BF1C81FE61A7ECCEB35ED
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\7EznMik8Fw.exe
                                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):58368
                                                                                                                                                                                                                                                Entropy (8bit):4.276870967324261
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:384:9jUqho9weF5/eHkRnYcZiGKdZHDL7idErZjZYXGg:9RCneH//id42
                                                                                                                                                                                                                                                MD5:6C3E976AB9F47825A5BD9F73E8DBA74E
                                                                                                                                                                                                                                                SHA1:4C6EB447FE8F195CF7F4B594CE7EAF928F52B23A
                                                                                                                                                                                                                                                SHA-256:238CDB6B8FB611DB4626E6D202E125E2C174C8F73AE8A3273B45A0FC18DEA70C
                                                                                                                                                                                                                                                SHA-512:B19516F00CC0484D9CDA82A482BBFE41635CDBBE19C13F1E63F033C9A68DD36798C44F04D6BD8BAE6523A845E852D81ACADD0D5DD86AF62CC9D081B803F8DF7B
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\7EznMik8Fw.exe
                                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):10752
                                                                                                                                                                                                                                                Entropy (8bit):4.578113904149635
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:96:R0qVVdJvbrqTu6ZdpvY0IluLfcC75JiCKs89EpmFWLOXDwo2Pj15XkcX6gbW6z:DVddiT7pgTctEEI4qXDo11kcqgbW6
                                                                                                                                                                                                                                                MD5:FEE13D4FB947835DBB62ACA7EAFF44EF
                                                                                                                                                                                                                                                SHA1:7CC088AB68F90C563D1FE22D5E3C3F9E414EFC04
                                                                                                                                                                                                                                                SHA-256:3E0D07BBF93E0748B42B1C2550F48F0D81597486038C22548224584AE178A543
                                                                                                                                                                                                                                                SHA-512:DEA92F935BC710DF6866E89CC6EB5B53FC7ADF0F14F3D381B89D7869590A1B0B1F98F347664F7A19C6078E7AA3EB0F773FFCB711CC4275D0ECD54030D6CF5CB2
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\7EznMik8Fw.exe
                                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):22016
                                                                                                                                                                                                                                                Entropy (8bit):6.143719741413071
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:384:IUv5cRUtPQtjLJiKMjNrDF6pJgLa0Mp8Q90gYP2lXCM:BKR8I+K0lDFQgLa17zU
                                                                                                                                                                                                                                                MD5:76F88D89643B0E622263AF676A65A8B4
                                                                                                                                                                                                                                                SHA1:93A365060E98890E06D5C2D61EFBAD12F5D02E06
                                                                                                                                                                                                                                                SHA-256:605C86145B3018A5E751C6D61FD0F85CF4A9EBF2AD1F3009A4E68CF9F1A63E49
                                                                                                                                                                                                                                                SHA-512:979B97AAC01633C46C048010FA886EBB09CFDB5520E415F698616987AE850FD342A4210A8DC0FAC1E059599F253565862892171403F5E4F83754D02D2EF3F366
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\7EznMik8Fw.exe
                                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):17920
                                                                                                                                                                                                                                                Entropy (8bit):5.353267174592179
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:384:7PHNP3Mj7Be/yB/6sB3yxcb+IMcOYqQViCBD8bg6Vf4A:hPcnB8KSsB34cb+bcOYpMCBDX
                                                                                                                                                                                                                                                MD5:D48BFFA1AF800F6969CFB356D3F75AA6
                                                                                                                                                                                                                                                SHA1:2A0D8968D74EBC879A17045EFE86C7FB5C54AEE6
                                                                                                                                                                                                                                                SHA-256:4AA5E9CE7A76B301766D3ECBB06D2E42C2F09D0743605A91BF83069FEFE3A4DE
                                                                                                                                                                                                                                                SHA-512:30D14AD8C68B043CC49EAFB460B69E83A15900CB68B4E0CBB379FF5BA260194965EF300EB715308E7211A743FF07FA7F8779E174368DCAA7F704E43068CC4858
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\7EznMik8Fw.exe
                                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):12288
                                                                                                                                                                                                                                                Entropy (8bit):4.741247880746506
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:0F/1nb2mhQtkgU7L9D037tfcqgYvEJPb:u2f6L9DSJxgYvEJj
                                                                                                                                                                                                                                                MD5:4D9182783EF19411EBD9F1F864A2EF2F
                                                                                                                                                                                                                                                SHA1:DDC9F878B88E7B51B5F68A3F99A0857E362B0361
                                                                                                                                                                                                                                                SHA-256:C9F4C5FFCDD4F8814F8C07CE532A164AB699AE8CDE737DF02D6ECD7B5DD52DBD
                                                                                                                                                                                                                                                SHA-512:8F983984F0594C2CAC447E9D75B86D6EC08ED1C789958AFA835B0D1239FD4D7EBE16408D080E7FCE17C379954609A93FC730B11BE6F4A024E7D13D042B27F185
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\7EznMik8Fw.exe
                                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):14848
                                                                                                                                                                                                                                                Entropy (8bit):5.212941287344097
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:2F/1nb2mhQtkRySMfJ2ycxFzShJD9bAal2QDeJKcqgQx2QY:M2fKRQB2j8JD2fJagQx2QY
                                                                                                                                                                                                                                                MD5:F4EDB3207E27D5F1ACBBB45AAFCB6D02
                                                                                                                                                                                                                                                SHA1:8EAB478CA441B8AD7130881B16E5FAD0B119D3F0
                                                                                                                                                                                                                                                SHA-256:3274F49BE39A996C5E5D27376F46A1039B6333665BB88AF1CA6D37550FA27B29
                                                                                                                                                                                                                                                SHA-512:7BDEBF9829CB26C010FCE1C69E7580191084BCDA3E2847581D0238AF1CAA87E68D44B052424FDC447434D971BB481047F8F2DA1B1DEF6B18684E79E63C6FBDC5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\7EznMik8Fw.exe
                                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):14336
                                                                                                                                                                                                                                                Entropy (8bit):5.181291194389683
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:hF/1nb2mhQt7fSOp/CJPvADQHKtxSOvbcqgEvcM+:N2fNKOZWPIDnxVlgEvL
                                                                                                                                                                                                                                                MD5:9D28433EA8FFBFE0C2870FEDA025F519
                                                                                                                                                                                                                                                SHA1:4CC5CF74114D67934D346BB39CA76F01F7ACC3E2
                                                                                                                                                                                                                                                SHA-256:FC296145AE46A11C472F99C5BE317E77C840C2430FBB955CE3F913408A046284
                                                                                                                                                                                                                                                SHA-512:66B4D00100D4143EA72A3F603FB193AFA6FD4EFB5A74D0D17A206B5EF825E4CC5AF175F5FB5C40C022BDE676BA7A83087CB95C9F57E701CA4E7F0A2FCE76E599
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\7EznMik8Fw.exe
                                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):14336
                                                                                                                                                                                                                                                Entropy (8bit):5.140195114409974
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:RsiHXqpo0cUp8XnUp8XjEQnlDtJI6rcqgcx2:f6DcUp8XUp8AclDA69gcx2
                                                                                                                                                                                                                                                MD5:8A92EE2B0D15FFDCBEB7F275154E9286
                                                                                                                                                                                                                                                SHA1:FA9214C8BBF76A00777DFE177398B5F52C3D972D
                                                                                                                                                                                                                                                SHA-256:8326AE6AD197B5586222AFA581DF5FE0220A86A875A5E116CB3828E785FBF5C2
                                                                                                                                                                                                                                                SHA-512:7BA71C37AAF6CB10FC5C595D957EB2846032543626DE740B50D7CB954FF910DCF7CEAA56EB161BAB9CC1F663BADA6CA71973E6570BAC7D6DA4D4CC9ED7C6C3DA
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\7EznMik8Fw.exe
                                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):13824
                                                                                                                                                                                                                                                Entropy (8bit):5.203867759982304
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:WsiHXqpwUiv6wPf+4WVrd1DFrCqwWwcqgfvE:s6biio2Pd1DFmlgfvE
                                                                                                                                                                                                                                                MD5:FE16E1D12CF400448E1BE3FCF2D7BB46
                                                                                                                                                                                                                                                SHA1:81D9F7A2C6540F17E11EFE3920481919965461BA
                                                                                                                                                                                                                                                SHA-256:ADE1735800D9E82B787482CCDB0FBFBA949E1751C2005DCAE43B0C9046FE096F
                                                                                                                                                                                                                                                SHA-512:A0463FF822796A6C6FF3ACEBC4C5F7BA28E7A81E06A3C3E46A0882F536D656D3F8BAF6FB748008E27F255FE0F61E85257626010543FC8A45A1E380206E48F07C
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\7EznMik8Fw.exe
                                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):15360
                                                                                                                                                                                                                                                Entropy (8bit):5.478301937972917
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:hZ9WXA7M93g8U7soSchhiLdjM5J6ECTGmDZkRsP0rcqgjPrvE:8Q0gH7zSccA5J6ECTGmDua89gjPrvE
                                                                                                                                                                                                                                                MD5:34EBB5D4A90B5A39C5E1D87F61AE96CB
                                                                                                                                                                                                                                                SHA1:25EE80CC1E647209F658AEBA5841F11F86F23C4E
                                                                                                                                                                                                                                                SHA-256:4FC70CB9280E414855DA2C7E0573096404031987C24CF60822854EAA3757C593
                                                                                                                                                                                                                                                SHA-512:82E27044FD53A7309ABAECA06C077A43EB075ADF1EF0898609F3D9F42396E0A1FA4FFD5A64D944705BBC1B1EBB8C2055D8A420807693CC5B70E88AB292DF81B7
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\7EznMik8Fw.exe
                                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):18432
                                                                                                                                                                                                                                                Entropy (8bit):5.69608744353984
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:384:nkP5RjF7GsIyV6Lx41NVYaVmtShQRKAa8+DSngkov:onx7RI26LuuHKz8+DbN
                                                                                                                                                                                                                                                MD5:42C2F4F520BA48779BD9D4B33CD586B9
                                                                                                                                                                                                                                                SHA1:9A1D6FFA30DCA5CE6D70EAC5014739E21A99F6D8
                                                                                                                                                                                                                                                SHA-256:2C6867E88C5D3A83D62692D24F29624063FCE57F600483BAD6A84684FF22F035
                                                                                                                                                                                                                                                SHA-512:1F0C18E1829A5BAE4A40C92BA7F8422D5FE8DBE582F7193ACEC4556B4E0593C898956065F398ACB34014542FCB3365DC6D4DA9CE15CB7C292C8A2F55FB48BB2B
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\7EznMik8Fw.exe
                                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):19456
                                                                                                                                                                                                                                                Entropy (8bit):5.7981108922569735
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:384:qPHNP3MjevhSY/8EBbVxcJ0ihTLdFDuPHgj+kf4D:sPcKvr/jUJ0sbDGAj+t
                                                                                                                                                                                                                                                MD5:AB0BCB36419EA87D827E770A080364F6
                                                                                                                                                                                                                                                SHA1:6D398F48338FB017AACD00AE188606EB9E99E830
                                                                                                                                                                                                                                                SHA-256:A927548ABEA335E6BCB4A9EE0A949749C9E4AA8F8AAD481CF63E3AC99B25A725
                                                                                                                                                                                                                                                SHA-512:3580FB949ACEE709836C36688457908C43860E68A36D3410F3FA9E17C6A66C1CDD7C081102468E4E92E5F42A0A802470E8F4D376DAA4ED7126818538E0BD0BC4
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\7EznMik8Fw.exe
                                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):22016
                                                                                                                                                                                                                                                Entropy (8bit):5.865452719694432
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:384:y1jwGPJHLvzcY1EEerju9LcTZ6RO3RouLKtcyDNOcwgjxo:QjwyJUYToZwOLuzDNB1j
                                                                                                                                                                                                                                                MD5:C8FE3FF9C116DB211361FBB3EA092D33
                                                                                                                                                                                                                                                SHA1:180253462DD59C5132FBCCC8428DEA1980720D26
                                                                                                                                                                                                                                                SHA-256:25771E53CFECB5462C0D4F05F7CAE6A513A6843DB2D798D6937E39BA4B260765
                                                                                                                                                                                                                                                SHA-512:16826BF93C8FA33E0B5A2B088FB8852A2460E0A02D699922A39D8EB2A086E981B5ACA2B085F7A7DA21906017C81F4D196B425978A10F44402C5DB44B2BF4D00A
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\7EznMik8Fw.exe
                                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):22016
                                                                                                                                                                                                                                                Entropy (8bit):5.867732744112887
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:384:51jwGPJHLxzcY1EEerju9LcTZ6RO3RouLKtcyDNIegjxo:rjwyJOYToZwOLuzDNI7j
                                                                                                                                                                                                                                                MD5:A442EA85E6F9627501D947BE3C48A9DD
                                                                                                                                                                                                                                                SHA1:D2DEC6E1BE3B221E8D4910546AD84FE7C88A524D
                                                                                                                                                                                                                                                SHA-256:3DBCB4D0070BE355E0406E6B6C3E4CE58647F06E8650E1AB056E1D538B52B3D3
                                                                                                                                                                                                                                                SHA-512:850A00C7069FFDBA1EFE1324405DA747D7BD3BA5D4E724D08A2450B5A5F15A69A0D3EAF67CEF943F624D52A4E2159A9F7BDAEAFDC6C689EACEA9987414250F3B
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\7EznMik8Fw.exe
                                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):27136
                                                                                                                                                                                                                                                Entropy (8bit):5.860044313282322
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:384:xFDL3RqE3MjjQ95UnLa+1WT1aA7qHofg5JptfISH2mDDXfgjVx2:jDLh98jjRe+1WT1aAeIfMzxH2mDDIj
                                                                                                                                                                                                                                                MD5:59BA0E05BE85F48688316EE4936421EA
                                                                                                                                                                                                                                                SHA1:1198893F5916E42143C0B0F85872338E4BE2DA06
                                                                                                                                                                                                                                                SHA-256:C181F30332F87FEECBF930538E5BDBCA09089A2833E8A088C3B9F3304B864968
                                                                                                                                                                                                                                                SHA-512:D772042D35248D25DB70324476021FB4303EF8A0F61C66E7DED490735A1CC367C2A05D7A4B11A2A68D7C34427971F96FF7658D880E946C31C17008B769E3B12F
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\7EznMik8Fw.exe
                                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):27136
                                                                                                                                                                                                                                                Entropy (8bit):5.917025846093607
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:384:tFYLXRqEnMgj969GUnLa+1WT1aA7qHofg5JptfIS320DXwElrgjhig:PYLB9Mgj0e+1WT1aAeIfMzx320DXD+j
                                                                                                                                                                                                                                                MD5:8194D160FB215498A59F850DC5C9964C
                                                                                                                                                                                                                                                SHA1:D255E8CCBCE663EE5CFD3E1C35548D93BFBBFCC0
                                                                                                                                                                                                                                                SHA-256:55DEFCD528207D4006D54B656FD4798977BD1AAE6103D4D082A11E0EB6900B08
                                                                                                                                                                                                                                                SHA-512:969EEAA754519A58C352C24841852CF0E66C8A1ADBA9A50F6F659DC48C3000627503DDFB7522DA2DA48C301E439892DE9188BF94EEAF1AE211742E48204C5E42
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\7EznMik8Fw.exe
                                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):12800
                                                                                                                                                                                                                                                Entropy (8bit):4.999870226643325
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:DzFRF/1nb2mhQtk4axusjfkgZhoYDQgRjcqgQvEty:DzFd2f64axnTTz5D1gQvEty
                                                                                                                                                                                                                                                MD5:C89BECC2BECD40934FE78FCC0D74D941
                                                                                                                                                                                                                                                SHA1:D04680DF546E2D8A86F60F022544DB181F409C50
                                                                                                                                                                                                                                                SHA-256:E5B6E58D6DA8DB36B0673539F0C65C80B071A925D2246C42C54E9FCDD8CA08E3
                                                                                                                                                                                                                                                SHA-512:715B3F69933841BAADC1C30D616DB34E6959FD9257D65E31C39CD08C53AFA5653B0E87B41DCC3C5E73E57387A1E7E72C0A668578BD42D5561F4105055F02993C
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\7EznMik8Fw.exe
                                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):13312
                                                                                                                                                                                                                                                Entropy (8bit):5.025153056783597
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:AF/1nb2mhQtks0iiNqdF4mtPjD02A5APYcqgYvEL2x:62f6fFA/4GjDFcgYvEL2x
                                                                                                                                                                                                                                                MD5:C4CC05D3132FDFB05089F42364FC74D2
                                                                                                                                                                                                                                                SHA1:DA7A1AE5D93839577BBD25952A1672C831BC4F29
                                                                                                                                                                                                                                                SHA-256:8F3D92DE840ABB5A46015A8FF618FF411C73009CBAA448AC268A5C619CF84721
                                                                                                                                                                                                                                                SHA-512:C597C70B7AF8E77BEEEBF10C32B34C37F25C741991581D67CF22E0778F262E463C0F64AA37F92FBC4415FE675673F3F92544E109E5032E488F185F1CFBC839FE
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\7EznMik8Fw.exe
                                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):16384
                                                                                                                                                                                                                                                Entropy (8bit):5.235115741550938
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:XTRgffnRaNfBj9xih1LPK73jm6AXiN4rSRIh42gDhgvrjcqgCieT3WQ:XafgNpj9cHW3jqXeBRamDOZgCieT
                                                                                                                                                                                                                                                MD5:1E201DF4B4C8A8CD9DA1514C6C21D1C4
                                                                                                                                                                                                                                                SHA1:3DC8A9C20313AF189A3FFA51A2EAA1599586E1B2
                                                                                                                                                                                                                                                SHA-256:A428372185B72C90BE61AC45224133C4AF6AE6682C590B9A3968A757C0ABD6B4
                                                                                                                                                                                                                                                SHA-512:19232771D4EE3011938BA2A52FA8C32E00402055038B5EDF3DDB4C8691FA7AE751A1DC16766D777A41981B7C27B14E9C1AD6EBDA7FFE1B390205D0110546EE29
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\7EznMik8Fw.exe
                                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):15360
                                                                                                                                                                                                                                                Entropy (8bit):5.133714807569085
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:JZNGXEgvUh43G6coX2SSwmPL4V7wTdDlpaY2cqgWjvE:EVMhuGGF2L4STdDyYWgWjvE
                                                                                                                                                                                                                                                MD5:76C84B62982843367C5F5D41B550825F
                                                                                                                                                                                                                                                SHA1:B6DE9B9BD0E2C84398EA89365E9F6D744836E03A
                                                                                                                                                                                                                                                SHA-256:EBCD946F1C432F93F396498A05BF07CC77EE8A74CE9C1A283BF9E23CA8618A4C
                                                                                                                                                                                                                                                SHA-512:03F8BB1D0D63BF26D8A6FFF62E94B85FFB4EA1857EB216A4DEB71C806CDE107BA0F9CC7017E3779489C5CEF5F0838EDB1D70F710BCDEB629364FC288794E6AFE
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\7EznMik8Fw.exe
                                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):35840
                                                                                                                                                                                                                                                Entropy (8bit):5.928082706906375
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:768:8bEkzS7+k9rMUb8cOe9rs9ja+V/Mhjh56GS:8bEP779rMtcOCs0I/Mhf
                                                                                                                                                                                                                                                MD5:B41160CF884B9E846B890E0645730834
                                                                                                                                                                                                                                                SHA1:A0F35613839A0F8F4A87506CD59200CCC3C09237
                                                                                                                                                                                                                                                SHA-256:48F296CCACE3878DE1148074510BD8D554A120CAFEF2D52C847E05EF7664FFC6
                                                                                                                                                                                                                                                SHA-512:F4D57351A627DD379D56C80DA035195292264F49DC94E597AA6638DF5F4CF69601F72CC64FC3C29C5CBE95D72326395C5C6F4938B7895C69A8D839654CFC8F26
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\7EznMik8Fw.exe
                                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):12288
                                                                                                                                                                                                                                                Entropy (8bit):4.799063285091512
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:nkCfXASTMeAk4OepIXcADp/X6RcqgO5vE:ZJMcPepIXcAD563gO5vE
                                                                                                                                                                                                                                                MD5:BA46602B59FCF8B01ABB135F1534D618
                                                                                                                                                                                                                                                SHA1:EFF5608E05639A17B08DCA5F9317E138BEF347B5
                                                                                                                                                                                                                                                SHA-256:B1BAB0E04AC60D1E7917621B03A8C72D1ED1F0251334E9FA12A8A1AC1F516529
                                                                                                                                                                                                                                                SHA-512:A5E2771623DA697D8EA2E3212FBDDE4E19B4A12982A689D42B351B244EFBA7EFA158E2ED1A2B5BC426A6F143E7DB810BA5542017AB09B5912B3ECC091F705C6E
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\7EznMik8Fw.exe
                                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):754688
                                                                                                                                                                                                                                                Entropy (8bit):7.624959985050181
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12288:I1UrmZ9HoxJ8gf1266y8IXhJvCKAmqVLzcrZgYIMGv1iLD9yQvG6h9:gYmzHoxJFf1p34hcrn5Go9yQO6L
                                                                                                                                                                                                                                                MD5:3F20627FDED2CF90E366B48EDF031178
                                                                                                                                                                                                                                                SHA1:00CED7CD274EFB217975457906625B1B1DA9EBDF
                                                                                                                                                                                                                                                SHA-256:E36242855879D71AC57FBD42BB4AE29C6D80B056F57B18CEE0B6B1C0E8D2CF57
                                                                                                                                                                                                                                                SHA-512:05DE7C74592B925BB6D37528FC59452C152E0DCFC1D390EA1C48C057403A419E5BE40330B2C5D5657FEA91E05F6B96470DDDF9D84FF05B9FD4192F73D460093C
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\7EznMik8Fw.exe
                                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):27648
                                                                                                                                                                                                                                                Entropy (8bit):5.792654050660321
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:384:hBwi/rOF26VZW1n0n/Is42g9qhrnW0mvPauYhz35sWJftjb1Ddsia15gkbQ0e1:/L/g28Ufsxg9GmvPauYLxtX1D/kf
                                                                                                                                                                                                                                                MD5:290D936C1E0544B6EC98F031C8C2E9A3
                                                                                                                                                                                                                                                SHA1:CAEEA607F2D9352DD605B6A5B13A0C0CB1EA26EC
                                                                                                                                                                                                                                                SHA-256:8B00C859E36CBCE3EC19F18FA35E3A29B79DE54DA6030AAAD220AD766EDCDF0A
                                                                                                                                                                                                                                                SHA-512:F08B67B633D3A3F57F1183950390A35BF73B384855EAAB3AE895101FBC07BCC4990886F8DE657635AD528D6C861BC2793999857472A5307FFAA963AA6685D7E8
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\7EznMik8Fw.exe
                                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):67072
                                                                                                                                                                                                                                                Entropy (8bit):6.060461288575063
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:1536:nqctkGACFI5t35q2JbL0UbkrwwOoKXyMH1B7M9rMdccdWxRLpq:nqctkGACFI5t35q2JbgrwwOoqLTM9rMh
                                                                                                                                                                                                                                                MD5:5782081B2A6F0A3C6B200869B89C7F7D
                                                                                                                                                                                                                                                SHA1:0D4E113FB52FE1923FE05CDF2AB9A4A9ABEFC42E
                                                                                                                                                                                                                                                SHA-256:E72E06C721DD617140EDEBADD866A91CF97F7215CBB732ECBEEA42C208931F49
                                                                                                                                                                                                                                                SHA-512:F7FD695E093EDE26FCFD0EE45ADB49D841538EB9DAAE5B0812F29F0C942FB13762E352C2255F5DB8911F10FA1B6749755B51AAE1C43D8DF06F1D10DE5E603706
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\7EznMik8Fw.exe
                                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):10752
                                                                                                                                                                                                                                                Entropy (8bit):4.488437566846231
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:96:tpVVdJvbrqTu6ZdpvY0IluLfcC75JiC4cs89EfqADwhDTAbcX6gn/7EC:5VddiT7pgTctdErDwDTicqgn/7
                                                                                                                                                                                                                                                MD5:289EBF8B1A4F3A12614CFA1399250D3A
                                                                                                                                                                                                                                                SHA1:66C05F77D814424B9509DD828111D93BC9FA9811
                                                                                                                                                                                                                                                SHA-256:79AC6F73C71CA8FDA442A42A116A34C62802F0F7E17729182899327971CFEB23
                                                                                                                                                                                                                                                SHA-512:4B95A210C9A4539332E2FB894D7DE4E1B34894876CCD06EEC5B0FC6F6E47DE75C0E298CF2F3B5832C9E028861A53B8C8E8A172A3BE3EC29A2C9E346642412138
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\7EznMik8Fw.exe
                                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):10240
                                                                                                                                                                                                                                                Entropy (8bit):4.730605326965181
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:96:MJVVdJvbrqTu6ZdpvY0IluLfcC75JiCKs89EVAElIijKDQGrbMZYJWJcX6gbW6s:CVddiT7pgTctEEaEDKDlMCWJcqgbW6
                                                                                                                                                                                                                                                MD5:4D9C33AE53B38A9494B6FBFA3491149E
                                                                                                                                                                                                                                                SHA1:1A069E277B7E90A3AB0DCDEE1FE244632C9C3BE4
                                                                                                                                                                                                                                                SHA-256:0828CAD4D742D97888D3DFCE59E82369317847651BBA0F166023CB8ACA790B2B
                                                                                                                                                                                                                                                SHA-512:BDFBF29198A0C7ED69204BF9E9B6174EBB9E3BEE297DD1EB8EB9EA6D7CAF1CC5E076F7B44893E58CCF3D0958F5E3BDEE12BD090714BEB5889836EE6F12F0F49E
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\7EznMik8Fw.exe
                                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):10240
                                                                                                                                                                                                                                                Entropy (8bit):4.685843290341897
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:96:6ZVVdJvbrqTu6ZdpvY0IluLfcC75JiCKs89EMz3DHWMoG4BcX6gbW6O:IVddiT7pgTctEEO3DLoHcqgbW6
                                                                                                                                                                                                                                                MD5:8F4313755F65509357E281744941BD36
                                                                                                                                                                                                                                                SHA1:2AAF3F89E56EC6731B2A5FA40A2FE69B751EAFC0
                                                                                                                                                                                                                                                SHA-256:70D90DDF87A9608699BE6BBEDF89AD469632FD0ADC20A69DA07618596D443639
                                                                                                                                                                                                                                                SHA-512:FED2B1007E31D73F18605FB164FEE5B46034155AB5BB7FE9B255241CFA75FF0E39749200EB47A9AB1380D9F36F51AFBA45490979AB7D112F4D673A0C67899EF4
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\7EznMik8Fw.exe
                                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):119192
                                                                                                                                                                                                                                                Entropy (8bit):6.6016214745004635
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:1536:+qvQ1Dj2DkX7OcujarvmdlYNABCmgrP4ddbkZIecbWcFML/UXzlghzdMFw84hzk:+qvQ1D2CreiABCmgYecbWVLUD6h+b4ho
                                                                                                                                                                                                                                                MD5:BE8DBE2DC77EBE7F88F910C61AEC691A
                                                                                                                                                                                                                                                SHA1:A19F08BB2B1C1DE5BB61DAF9F2304531321E0E40
                                                                                                                                                                                                                                                SHA-256:4D292623516F65C80482081E62D5DADB759DC16E851DE5DB24C3CBB57B87DB83
                                                                                                                                                                                                                                                SHA-512:0DA644472B374F1DA449A06623983D0477405B5229E386ACCADB154B43B8B083EE89F07C3F04D2C0C7501EAD99AD95AECAA5873FF34C5EEB833285B598D5A655
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\7EznMik8Fw.exe
                                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):49528
                                                                                                                                                                                                                                                Entropy (8bit):6.662491747506177
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:768:wPIyGVrxmKqOnA4j3z6Su77A+i0QLxi9z9Rtii9zn+:fBr87uW1nA8QLx+zrti+zn+
                                                                                                                                                                                                                                                MD5:F8DFA78045620CF8A732E67D1B1EB53D
                                                                                                                                                                                                                                                SHA1:FF9A604D8C99405BFDBBF4295825D3FCBC792704
                                                                                                                                                                                                                                                SHA-256:A113F192195F245F17389E6ECBED8005990BCB2476DDAD33F7C4C6C86327AFE5
                                                                                                                                                                                                                                                SHA-512:BA7F8B7AB0DEB7A7113124C28092B543E216CA08D1CF158D9F40A326FB69F4A2511A41A59EA8482A10C9EC4EC8AC69B70DFE9CA65E525097D93B819D498DA371
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\7EznMik8Fw.exe
                                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):71448
                                                                                                                                                                                                                                                Entropy (8bit):6.247581706260346
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\7EznMik8Fw.exe
                                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):84760
                                                                                                                                                                                                                                                Entropy (8bit):6.5874715807724025
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\7EznMik8Fw.exe
                                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):182784
                                                                                                                                                                                                                                                Entropy (8bit):6.193615170968096
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\7EznMik8Fw.exe
                                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):125208
                                                                                                                                                                                                                                                Entropy (8bit):6.128664719423826
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\7EznMik8Fw.exe
                                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):252696
                                                                                                                                                                                                                                                Entropy (8bit):6.564448148079112
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\7EznMik8Fw.exe
                                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):65816
                                                                                                                                                                                                                                                Entropy (8bit):6.242741772115205
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\7EznMik8Fw.exe
                                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):159512
                                                                                                                                                                                                                                                Entropy (8bit):6.846323229710623
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:3072:Fik7me1FFD+znfF9mNo+Mu6tmxzE41IAZ1Ak:FikSiUNYO+J1E4b
                                                                                                                                                                                                                                                MD5:B71DBE0F137FFBDA6C3A89D5BCBF1017
                                                                                                                                                                                                                                                SHA1:A2E2BDC40FDB83CC625C5B5E8A336CA3F0C29C5F
                                                                                                                                                                                                                                                SHA-256:6216173194B29875E84963CD4DC4752F7CA9493F5B1FD7E4130CA0E411C8AC6A
                                                                                                                                                                                                                                                SHA-512:9A5C7B1E25D8E1B5738F01AEDFD468C1837F1AC8DD4A5B1D24CE86DCAE0DB1C5B20F2FF4280960BC523AEE70B71DB54FD515047CDAF10D21A8BEC3EBD6663358
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\7EznMik8Fw.exe
                                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):35096
                                                                                                                                                                                                                                                Entropy (8bit):6.461229529356597
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:768:OgYvrenSE0PXxxQ0zi+mdIAWtd5YiSyviCAMxkEj:vYTQShxQ0zlmdIAWtD7SyKAxv
                                                                                                                                                                                                                                                MD5:4CCBD87D76AF221F24221530F5F035D1
                                                                                                                                                                                                                                                SHA1:D02B989AAAC7657E8B3A70A6EE7758A0B258851B
                                                                                                                                                                                                                                                SHA-256:C7BBCFE2511FD1B71B916A22AD6537D60948FFA7BDE207FEFABEE84EF53CAFB5
                                                                                                                                                                                                                                                SHA-512:34D808ADAC96A66CA434D209F2F151A9640B359B8419DC51BA24477E485685AF10C4596A398A85269E8F03F0FC533645907D7D854733750A35BF6C691DE37799
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\7EznMik8Fw.exe
                                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):55576
                                                                                                                                                                                                                                                Entropy (8bit):6.342203411267264
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:1536:wXRnts3McbN6w/xzWssXZdR1r3RIAXtI7SyNxQ:IRvcsXZdR1rRIAXtI6
                                                                                                                                                                                                                                                MD5:61193E813A61A545E2D366439C1EE22A
                                                                                                                                                                                                                                                SHA1:F404447B0D9BFF49A7431C41653633C501986D60
                                                                                                                                                                                                                                                SHA-256:C21B50A7BF9DBE1A0768F5030CAC378D58705A9FE1F08D953129332BEB0FBEFC
                                                                                                                                                                                                                                                SHA-512:747E4D5EA1BDF8C1E808579498834E1C24641D434546BFFDFCF326E0DE8D5814504623A3D3729168B0098824C2B8929AFC339674B0D923388B9DAC66F5D9D996
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\7EznMik8Fw.exe
                                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):32536
                                                                                                                                                                                                                                                Entropy (8bit):6.4674944702653665
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:768:0k+cae6rjp5MoNOfZIAQUM5YiSyvjAMxkEKu:5vSjgoNOfZIAQU27SyLxv
                                                                                                                                                                                                                                                MD5:F3ECA4F0B2C6C17ACE348E06042981A4
                                                                                                                                                                                                                                                SHA1:EB694DDA8FF2FE4CCAE876DC0515A8EFEC40E20E
                                                                                                                                                                                                                                                SHA-256:FB57EE6ADF6E7B11451B6920DDD2FB943DCD9561C9EAE64FDDA27C7ED0BC1B04
                                                                                                                                                                                                                                                SHA-512:604593460666045CA48F63D4B14FA250F9C4B9E5C7E228CC9202E7692C125AACB0018B89FAA562A4197692A9BC3D2382F9E085B305272EE0A39264A2A0F53B75
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\7EznMik8Fw.exe
                                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):83224
                                                                                                                                                                                                                                                Entropy (8bit):6.338326324626716
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:1536:MUuhDLiJfz76Xl+1ly+uCt9/s+S+pzcHS58/n1IsJHfsZIALwqw7Syraxi:MU6DL4fHdy+uCt9/sT+pzuSQ1IwHfsZS
                                                                                                                                                                                                                                                MD5:9C6283CC17F9D86106B706EC4EA77356
                                                                                                                                                                                                                                                SHA1:AF4F2F52CE6122F340E5EA1F021F98B1FFD6D5B6
                                                                                                                                                                                                                                                SHA-256:5CC62AAC52EDF87916DEB4EBBAD9ABB58A6A3565B32E7544F672ACA305C38027
                                                                                                                                                                                                                                                SHA-512:11FD6F570DD78F8FF00BE645E47472A96DAFFA3253E8BD29183BCCDE3F0746F7E436A106E9A68C57CC05B80A112365441D06CC719D51C906703B428A32C93124
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\7EznMik8Fw.exe
                                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):124696
                                                                                                                                                                                                                                                Entropy (8bit):6.266006891462829
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:3072:9PfqZRAWgyjwzCO4w5y3DUfUK8PtIAOQMo:oAWgKw2C5iSUv1
                                                                                                                                                                                                                                                MD5:506B13DD3D5892B16857E3E3B8A95AFB
                                                                                                                                                                                                                                                SHA1:42E654B36F1C79000084599D49B862E4E23D75FF
                                                                                                                                                                                                                                                SHA-256:04F645A32B0C58760CC6C71D09224FE90E50409EF5C81D69C85D151DFE65AFF9
                                                                                                                                                                                                                                                SHA-512:A94F0E9F2212E0B89EB0B5C64598B18AF71B59E1297F0F6475FA4674AE56780B1E586B5EB952C8C9FEBAD38C28AFD784273BBF56645DB2C405AFAE6F472FB65C
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\7EznMik8Fw.exe
                                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):177432
                                                                                                                                                                                                                                                Entropy (8bit):5.976892131161338
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:3072:1CRW4ljuyKK8vZktW5No6XfJN54eNWXvM4VRJNI7IM/cbP7RHs3FJZ1IAC7+y:1mfEyKKaZo6XfJ2MSV+JZW
                                                                                                                                                                                                                                                MD5:DDB21BD1ACDE4264754C49842DE7EBC9
                                                                                                                                                                                                                                                SHA1:80252D0E35568E68DED68242D76F2A5D7E00001E
                                                                                                                                                                                                                                                SHA-256:72BB15CD8C14BA008A52D23CDCFC851A9A4BDE13DEEE302A5667C8AD60F94A57
                                                                                                                                                                                                                                                SHA-512:464520ECD1587F5CEDE6219FAAC2C903EE41D0E920BF3C9C270A544B040169DCD17A4E27F6826F480D4021077AB39A6CBBD35EBB3D71672EBB412023BC9E182A
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\7EznMik8Fw.exe
                                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):36632
                                                                                                                                                                                                                                                Entropy (8bit):6.357254511176439
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:768:6cxnHG7MYGQd0hHdzA77yeu1IACis5YiSyvoAMxkE9:6cxnm7M6dAHdzA77yeu1IACiW7Sy+xx
                                                                                                                                                                                                                                                MD5:C1654EBEBFEEDA425EADE8B77CA96DE5
                                                                                                                                                                                                                                                SHA1:A4A150F1C810077B6E762F689C657227CC4FD257
                                                                                                                                                                                                                                                SHA-256:AA1443A715FBF84A84F39BD89707271FC11A77B597D7324CE86FC5CFA56A63A9
                                                                                                                                                                                                                                                SHA-512:21705B991E75EFD5E59B8431A3B19AE5FCC38A3E7F137A9D52ACD24E7F67D61758E48ABC1C9C0D4314FA02010A1886C15EAD5BCA8DCA1B1D4CCBFC3C589D342E
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\7EznMik8Fw.exe
                                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):12240
                                                                                                                                                                                                                                                Entropy (8bit):6.608323768366966
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:KFOWWthWzWf9BvVVWQ4mWqyVT/gqnajKsrCS81:uZWthWeN01IlGsrCt
                                                                                                                                                                                                                                                MD5:07EBE4D5CEF3301CCF07430F4C3E32D8
                                                                                                                                                                                                                                                SHA1:3B878B2B2720915773F16DBA6D493DAB0680AC5F
                                                                                                                                                                                                                                                SHA-256:8F8B79150E850ACC92FD6AAB614F6E3759BEA875134A62087D5DD65581E3001F
                                                                                                                                                                                                                                                SHA-512:6C7E4DF62EBAE9934B698F231CF51F54743CF3303CD758573D00F872B8ECC2AF1F556B094503AAE91100189C0D0A93EAF1B7CAFEC677F384A1D7B4FDA2EEE598
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\7EznMik8Fw.exe
                                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):11736
                                                                                                                                                                                                                                                Entropy (8bit):6.6074868843808785
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:PUWthW6Wf9BvVVWQ4SWZifvXqnajJ6HNbLet:MWthW3NhXll6HZm
                                                                                                                                                                                                                                                MD5:557405C47613DE66B111D0E2B01F2FDB
                                                                                                                                                                                                                                                SHA1:DE116ED5DE1FFAA900732709E5E4EEF921EAD63C
                                                                                                                                                                                                                                                SHA-256:913EAAA7997A6AEE53574CFFB83F9C9C1700B1D8B46744A5E12D76A1E53376FD
                                                                                                                                                                                                                                                SHA-512:C2B326F555B2B7ACB7849402AC85922880105857C616EF98F7FB4BBBDC2CD7F2AF010F4A747875646FCC272AB8AA4CE290B6E09A9896CE1587E638502BD4BEFB
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\7EznMik8Fw.exe
                                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):11728
                                                                                                                                                                                                                                                Entropy (8bit):6.622854484071805
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:tlWthWFWf9BvVVWQ4mWIzWLiP+CjAWqnajKsNb7:/WthWANnWLiP+CcWlGsNb7
                                                                                                                                                                                                                                                MD5:624401F31A706B1AE2245EB19264DC7F
                                                                                                                                                                                                                                                SHA1:8D9DEF3750C18DDFC044D5568E3406D5D0FB9285
                                                                                                                                                                                                                                                SHA-256:58A8D69DF60ECBEE776CD9A74B2A32B14BF2B0BD92D527EC5F19502A0D3EB8E9
                                                                                                                                                                                                                                                SHA-512:3353734B556D6EEBC57734827450CE3B34D010E0C033E95A6E60800C0FDA79A1958EBF9053F12054026525D95D24EEC541633186F00F162475CEC19F07A0D817
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\7EznMik8Fw.exe
                                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):11728
                                                                                                                                                                                                                                                Entropy (8bit):6.670771733256744
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:1mxD3+HWthWiWf9BvVVWQ4WWuhD7DiqnajKswz3:19HWthWfN/GlGswz3
                                                                                                                                                                                                                                                MD5:2DB5666D3600A4ABCE86BE0099C6B881
                                                                                                                                                                                                                                                SHA1:63D5DDA4CEC0076884BC678C691BDD2A4FA1D906
                                                                                                                                                                                                                                                SHA-256:46079C0A1B660FC187AAFD760707F369D0B60D424D878C57685545A3FCE95819
                                                                                                                                                                                                                                                SHA-512:7C6E1E022DB4217A85A4012C8E4DAEE0A0F987E4FBA8A4C952424EF28E250BAC38B088C242D72B4641157B7CC882161AEFA177765A2E23AFCDC627188A084345
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\7EznMik8Fw.exe
                                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):15328
                                                                                                                                                                                                                                                Entropy (8bit):6.561472518225768
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:RaNYPvVX8rFTsoWthWgWf9BvVVWQ4SWfMaPOoI80Hy5qnajslBE87QyX:HPvVXqWthWlN2WlslEE87Qw
                                                                                                                                                                                                                                                MD5:0F7D418C05128246AFA335A1FB400CB9
                                                                                                                                                                                                                                                SHA1:F6313E371ED5A1DFFE35815CC5D25981184D0368
                                                                                                                                                                                                                                                SHA-256:5C9BC70586AD538B0DF1FCF5D6F1F3527450AE16935AA34BD7EB494B4F1B2DB9
                                                                                                                                                                                                                                                SHA-512:7555D9D3311C8622DF6782748C2186A3738C4807FC58DF2F75E539729FC4069DB23739F391950303F12E0D25DF9F065B4C52E13B2EBB6D417CA4C12CFDECA631
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\7EznMik8Fw.exe
                                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):11728
                                                                                                                                                                                                                                                Entropy (8bit):6.638884356866373
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:jlWaWthWAWf9BvVVWQ4WWloprVP+CjAWqnajKsNWqL:jIaWthWFNxtVP+CcWlGsNxL
                                                                                                                                                                                                                                                MD5:5A72A803DF2B425D5AAFF21F0F064011
                                                                                                                                                                                                                                                SHA1:4B31963D981C07A7AB2A0D1A706067C539C55EC5
                                                                                                                                                                                                                                                SHA-256:629E52BA4E2DCA91B10EF7729A1722888E01284EED7DDA6030D0A1EC46C94086
                                                                                                                                                                                                                                                SHA-512:BF44997C405C2BA80100EB0F2FF7304938FC69E4D7AE3EAC52B3C236C3188E80C9F18BDA226B5F4FDE0112320E74C198AD985F9FFD7CEA99ACA22980C39C7F69
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\7EznMik8Fw.exe
                                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):11744
                                                                                                                                                                                                                                                Entropy (8bit):6.744400973311854
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:96:imdzvQzEWthWwMVDEs3f0DHDsVBIwgmqvrnDD0ADEs3TDL2L4m2grMWaLN5DEs3r:v3WthWyWf9BvVVWQ4SWVVFJqqnajW2y
                                                                                                                                                                                                                                                MD5:721B60B85094851C06D572F0BD5D88CD
                                                                                                                                                                                                                                                SHA1:4D0EE4D717AEB9C35DA8621A545D3E2B9F19B4E7
                                                                                                                                                                                                                                                SHA-256:DAC867476CAA42FF8DF8F5DFE869FFD56A18DADEE17D47889AFB69ED6519AFBF
                                                                                                                                                                                                                                                SHA-512:430A91FCECDE4C8CC4AC7EB9B4C6619243AB244EE88C34C9E93CA918E54BD42B08ACA8EA4475D4C0F5FA95241E4AACB3206CBAE863E92D15528C8E7C9F45601B
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\7EznMik8Fw.exe
                                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):11736
                                                                                                                                                                                                                                                Entropy (8bit):6.638488013343178
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:frWthWFWf9BvVVWQ4SWNOfvXqnajJ6H4WJ:frWthWANRXll6H4WJ
                                                                                                                                                                                                                                                MD5:D1DF480505F2D23C0B5C53DF2E0E2A1A
                                                                                                                                                                                                                                                SHA1:207DB9568AFD273E864B05C87282987E7E81D0BA
                                                                                                                                                                                                                                                SHA-256:0B3DFB8554EAD94D5DA7859A12DB353942406F9D1DFE3FAC3D48663C233EA99D
                                                                                                                                                                                                                                                SHA-512:F14239420F5DD84A15FF5FCA2FAD81D0AA9280C566FA581122A018E10EBDF308AC0BF1D3FCFC08634C1058C395C767130C5ABCA55540295C68DF24FFD931CA0A
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\7EznMik8Fw.exe
                                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):12256
                                                                                                                                                                                                                                                Entropy (8bit):6.588267640761022
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:txlkWthW2Wf9BvVVWQ4SWBBBuUgxfzfqnaj0OTWv:txlkWthW7NkIrloFv
                                                                                                                                                                                                                                                MD5:73433EBFC9A47ED16EA544DDD308EAF8
                                                                                                                                                                                                                                                SHA1:AC1DA1378DD79762C6619C9A63FD1EBE4D360C6F
                                                                                                                                                                                                                                                SHA-256:C43075B1D2386A8A262DE628C93A65350E52EAE82582B27F879708364B978E29
                                                                                                                                                                                                                                                SHA-512:1C28CC0D3D02D4C308A86E9D0BC2DA88333DFA8C92305EC706F3E389F7BB6D15053040AFD1C4F0AA3383F3549495343A537D09FE882DB6ED12B7507115E5A263
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\7EznMik8Fw.exe
                                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):11728
                                                                                                                                                                                                                                                Entropy (8bit):6.678828474114903
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:4TWthWckWf9BvVVWQ4mWQAyUD7DiqnajKswzjdg:4TWthWcRNqGlGswzji
                                                                                                                                                                                                                                                MD5:7C7B61FFA29209B13D2506418746780B
                                                                                                                                                                                                                                                SHA1:08F3A819B5229734D98D58291BE4BFA0BEC8F761
                                                                                                                                                                                                                                                SHA-256:C23FE8D5C3CA89189D11EC8DF983CC144D168CB54D9EAB5D9532767BCB2F1FA3
                                                                                                                                                                                                                                                SHA-512:6E5E3485D980E7E2824665CBFE4F1619B3E61CE3BCBF103979532E2B1C3D22C89F65BCFBDDBB5FE88CDDD096F8FD72D498E8EE35C3C2307BACECC6DEBBC1C97F
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\7EznMik8Fw.exe
                                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):12752
                                                                                                                                                                                                                                                Entropy (8bit):6.602852377056617
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:Us13vuBL3B5LoWthW7Wf9BvVVWQ4mWgB7OQP+CjAWqnajKsN9arO:Us13vuBL3B2WthWmNVXP+CcWlGsN9P
                                                                                                                                                                                                                                                MD5:6D0550D3A64BD3FD1D1B739133EFB133
                                                                                                                                                                                                                                                SHA1:C7596FDE7EA1C676F0CC679CED8BA810D15A4AFE
                                                                                                                                                                                                                                                SHA-256:F320F9C0463DE641B396CE7561AF995DE32211E144407828B117088CF289DF91
                                                                                                                                                                                                                                                SHA-512:5DA9D490EF54A1129C94CE51349399B9012FC0D4B575AE6C9F1BAFCFCF7F65266F797C539489F882D4AD924C94428B72F5137009A851ECB541FE7FB9DE12FEB2
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\7EznMik8Fw.exe
                                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):14800
                                                                                                                                                                                                                                                Entropy (8bit):6.528059454770997
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:384:On2OMw3zdp3bwjGfue9/0jCRrndbZWWthWdNHhfVlGsSH:/OMwBprwjGfue9/0jCRrndbLEKv
                                                                                                                                                                                                                                                MD5:1ED0B196AB58EDB58FCF84E1739C63CE
                                                                                                                                                                                                                                                SHA1:AC7D6C77629BDEE1DF7E380CC9559E09D51D75B7
                                                                                                                                                                                                                                                SHA-256:8664222823E122FCA724620FD8B72187FC5336C737D891D3CEF85F4F533B8DE2
                                                                                                                                                                                                                                                SHA-512:E1FA7F14F39C97AAA3104F3E13098626B5F7CFD665BA52DCB2312A329639AAF5083A9177E4686D11C4213E28ACC40E2C027988074B6CC13C5016D5C5E9EF897B
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\7EznMik8Fw.exe
                                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):12240
                                                                                                                                                                                                                                                Entropy (8bit):6.659218747104705
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:2E+tWthWvWf9BvVVWQ4mWxHD7DiqnajKswzGIAf:T+tWthWiNcGlGswzLAf
                                                                                                                                                                                                                                                MD5:721BAEA26A27134792C5CCC613F212B2
                                                                                                                                                                                                                                                SHA1:2A27DCD2436DF656A8264A949D9CE00EAB4E35E8
                                                                                                                                                                                                                                                SHA-256:5D9767D8CCA0FBFD5801BFF2E0C2ADDDD1BAAAA8175543625609ABCE1A9257BD
                                                                                                                                                                                                                                                SHA-512:9FD6058407AA95058ED2FDA9D391B7A35FA99395EC719B83C5116E91C9B448A6D853ECC731D0BDF448D1436382EECC1FA9101F73FA242D826CC13C4FD881D9BD
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\7EznMik8Fw.exe
                                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):11728
                                                                                                                                                                                                                                                Entropy (8bit):6.739082809754283
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:vdWthW8Wf9BvVVWQ4mWG2P+CjAWqnajKsNt:lWthWJNUP+CcWlGsNt
                                                                                                                                                                                                                                                MD5:B3F887142F40CB176B59E58458F8C46D
                                                                                                                                                                                                                                                SHA1:A05948ABA6F58EB99BBAC54FA3ED0338D40CBFAD
                                                                                                                                                                                                                                                SHA-256:8E015CDF2561450ED9A0773BE1159463163C19EAB2B6976155117D16C36519DA
                                                                                                                                                                                                                                                SHA-512:7B762319EC58E3FCB84B215AE142699B766FA9D5A26E1A727572EE6ED4F5D19C859EFB568C0268846B4AA5506422D6DD9B4854DA2C9B419BFEC754F547203F7E
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\7EznMik8Fw.exe
                                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):12752
                                                                                                                                                                                                                                                Entropy (8bit):6.601112204637961
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:GFPWthW5Wf9BvVVWQ4mWc0ZD7DiqnajKswzczr:GFPWthWsNiGlGswzq
                                                                                                                                                                                                                                                MD5:89F35CB1212A1FD8FBE960795C92D6E8
                                                                                                                                                                                                                                                SHA1:061AE273A75324885DD098EE1FF4246A97E1E60C
                                                                                                                                                                                                                                                SHA-256:058EB7CE88C22D2FF7D3E61E6593CA4E3D6DF449F984BF251D9432665E1517D1
                                                                                                                                                                                                                                                SHA-512:F9E81F1FEAB1535128B16E9FF389BD3DAAAB8D1DABF64270F9E563BE9D370C023DE5D5306DD0DE6D27A5A099E7C073D17499442F058EC1D20B9D37F56BCFE6D2
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\7EznMik8Fw.exe
                                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):14288
                                                                                                                                                                                                                                                Entropy (8bit):6.521808801015781
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:/uUk1Jzb9cKcIzWthWzaWf9BvVVWQ4mWmrcLUVT/gqnajKsrCOV:/bk1JzBcKcIzWthWzXNz1IlGsrCOV
                                                                                                                                                                                                                                                MD5:0C933A4B3C2FCF1F805EDD849428C732
                                                                                                                                                                                                                                                SHA1:B8B19318DBB1D2B7D262527ABD1468D099DE3FB6
                                                                                                                                                                                                                                                SHA-256:A5B733E3DCE21AB62BD4010F151B3578C6F1246DA4A96D51AC60817865648DD3
                                                                                                                                                                                                                                                SHA-512:B25ED54345A5B14E06AA9DADD07B465C14C23225023D7225E04FBD8A439E184A7D43AB40DF80E3F8A3C0F2D5C7A79B402DDC6B9093D0D798E612F4406284E39D
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\7EznMik8Fw.exe
                                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):12240
                                                                                                                                                                                                                                                Entropy (8bit):6.671157737548847
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:7oDfIeVWthWZWf9BvVVWQ4mWaHvP+CjAWqnajKsNZ:7oDfIeVWthWMNVP+CcWlGsNZ
                                                                                                                                                                                                                                                MD5:7E8B61D27A9D04E28D4DAE0BFA0902ED
                                                                                                                                                                                                                                                SHA1:861A7B31022915F26FB49C79AC357C65782C9F4B
                                                                                                                                                                                                                                                SHA-256:1EF06C600C451E66E744B2CA356B7F4B7B88BA2F52EC7795858D21525848AC8C
                                                                                                                                                                                                                                                SHA-512:1C5B35026937B45BEB76CB8D79334A306342C57A8E36CC15D633458582FC8F7D9AB70ACE7A92144288C6C017F33ECFC20477A04432619B40A21C9CDA8D249F6D
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\7EznMik8Fw.exe
                                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):11728
                                                                                                                                                                                                                                                Entropy (8bit):6.599056003106114
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:gR7WthWTVWf9BvVVWQ4mWg2a5P+CjAWqnajKsNQbWl:gVWthWkN/P+CcWlGsNMg
                                                                                                                                                                                                                                                MD5:8D12FFD920314B71F2C32614CC124FEC
                                                                                                                                                                                                                                                SHA1:251A98F2C75C2E25FFD0580F90657A3EA7895F30
                                                                                                                                                                                                                                                SHA-256:E63550608DD58040304EA85367E9E0722038BA8E7DC7BF9D91C4D84F0EC65887
                                                                                                                                                                                                                                                SHA-512:5084C739D7DE465A9A78BCDBB8A3BD063B84A68DCFD3C9EF1BFA224C1CC06580E2A2523FD4696CFC48E9FD068A2C44DBC794DD9BDB43DC74B4E854C82ECD3EA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\7EznMik8Fw.exe
                                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):12240
                                                                                                                                                                                                                                                Entropy (8bit):6.602527553095181
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:zGeVfcWthW+Wf9BvVVWQ4mWMiSID7DiqnajKswz5g:zGeVfcWthWjN6SIGlGswza
                                                                                                                                                                                                                                                MD5:9FA3FC24186D912B0694A572847D6D74
                                                                                                                                                                                                                                                SHA1:93184E00CBDDACAB7F2AD78447D0EAC1B764114D
                                                                                                                                                                                                                                                SHA-256:91508AB353B90B30FF2551020E9755D7AB0E860308F16C2F6417DFB2E9A75014
                                                                                                                                                                                                                                                SHA-512:95AD31C9082F57EA57F5B4C605331FCAD62735A1862AFB01EF8A67FEA4E450154C1AE0C411CF3AC5B9CD35741F8100409CC1910F69C1B2D807D252389812F594
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\7EznMik8Fw.exe
                                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):11728
                                                                                                                                                                                                                                                Entropy (8bit):6.6806369134652055
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:qyMv0WthWPWf9BvVVWQ4mWIv/r+YVqnajKsSF:qyMv0WthWCNBfVlGsSF
                                                                                                                                                                                                                                                MD5:C9CBAD5632D4D42A1BC25CCFA8833601
                                                                                                                                                                                                                                                SHA1:09F37353A89F1BFE49F7508559DA2922B8EFEB05
                                                                                                                                                                                                                                                SHA-256:F3A7A9C98EBE915B1B57C16E27FFFD4DDF31A82F0F21C06FE292878E48F5883E
                                                                                                                                                                                                                                                SHA-512:2412E0AFFDC6DB069DE7BD9666B7BAA1CD76AA8D976C9649A4C2F1FFCE27F8269C9B02DA5FD486EC86B54231B1A5EBF6A1C72790815B7C253FEE1F211086892F
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\7EznMik8Fw.exe
                                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):13776
                                                                                                                                                                                                                                                Entropy (8bit):6.573983778839785
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:384:miwidv3V0dfpkXc0vVauzIWthWLN3fVlGsStY:nHdv3VqpkXc0vVaKbiYlY
                                                                                                                                                                                                                                                MD5:4CCDE2D1681217E282996E27F3D9ED2E
                                                                                                                                                                                                                                                SHA1:8EDA134B0294ED35E4BBAC4911DA620301A3F34D
                                                                                                                                                                                                                                                SHA-256:D6708D1254ED88A948871771D6D1296945E1AA3AEB7E33E16CC378F396C61045
                                                                                                                                                                                                                                                SHA-512:93FE6AE9A947AC88CC5ED78996E555700340E110D12B2651F11956DB7CEE66322C269717D31FCCB31744F4C572A455B156B368F08B70EDA9EFFEC6DE01DBAB23
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\7EznMik8Fw.exe
                                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):12240
                                                                                                                                                                                                                                                Entropy (8bit):6.7137872023984055
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:TtZ3KjWthWzWf9BvVVWQ4mWXU0P+CjAWqnajKsN2v:TtZ3KjWthWeNwP+CcWlGsNa
                                                                                                                                                                                                                                                MD5:E86CFC5E1147C25972A5EEFED7BE989F
                                                                                                                                                                                                                                                SHA1:0075091C0B1F2809393C5B8B5921586BDD389B29
                                                                                                                                                                                                                                                SHA-256:72C639D1AFDA32A65143BCBE016FE5D8B46D17924F5F5190EB04EFE954C1199A
                                                                                                                                                                                                                                                SHA-512:EA58A8D5AA587B7F5BDE74B4D394921902412617100ED161A7E0BEF6B3C91C5DAE657065EA7805A152DD76992997017E070F5415EF120812B0D61A401AA8C110
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\7EznMik8Fw.exe
                                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):12768
                                                                                                                                                                                                                                                Entropy (8bit):6.614330511483598
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:vgdKIMFYJWthW2Wf9BvVVWQ4SW2zZ7uUgxfzfqnaj0OGWh:0hJWthW7NBzIrloYh
                                                                                                                                                                                                                                                MD5:206ADCB409A1C9A026F7AFDFC2933202
                                                                                                                                                                                                                                                SHA1:BB67E1232A536A4D1AE63370BD1A9B5431335E77
                                                                                                                                                                                                                                                SHA-256:76D8E4ED946DEEFEEFA0D0012C276F0B61F3D1C84AF00533F4931546CBB2F99E
                                                                                                                                                                                                                                                SHA-512:727AA0C4CD1A0B7E2AFFDCED5DA3A0E898E9BAE3C731FF804406AD13864CEE2B27E5BAAC653BAB9A0D2D961489915D4FCAD18557D4383ECB0A066902276955A7
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\7EznMik8Fw.exe
                                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):12240
                                                                                                                                                                                                                                                Entropy (8bit):6.704366348384627
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:Ha2WthWKOWf9BvVVWQ4mWNOrVT/gqnajKsrCkb:Ha2WthWKTNz1IlGsrCo
                                                                                                                                                                                                                                                MD5:91A2AE3C4EB79CF748E15A58108409AD
                                                                                                                                                                                                                                                SHA1:D402B9DF99723EA26A141BFC640D78EAF0B0111B
                                                                                                                                                                                                                                                SHA-256:B0EDA99EABD32FEFECC478FD9FE7439A3F646A864FDAB4EC3C1F18574B5F8B34
                                                                                                                                                                                                                                                SHA-512:8527AF610C1E2101B6F336A142B1A85AC9C19BB3AF4AD4A245CFB6FD602DC185DA0F7803358067099475102F3A8F10A834DC75B56D3E6DED2ED833C00AD217ED
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\7EznMik8Fw.exe
                                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):11728
                                                                                                                                                                                                                                                Entropy (8bit):6.623077637622405
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:jWthWYWf9BvVVWQ4mWd8l1P+CjAWqnajKsNeCw:jWthW9NnP+CcWlGsNex
                                                                                                                                                                                                                                                MD5:1E4C4C8E643DE249401E954488744997
                                                                                                                                                                                                                                                SHA1:DB1C4C0FC907100F204B21474E8CD2DB0135BC61
                                                                                                                                                                                                                                                SHA-256:F28A8FE2CD7E8E00B6D2EC273C16DB6E6EEA9B6B16F7F69887154B6228AF981E
                                                                                                                                                                                                                                                SHA-512:EF8411FD321C0E363C2E5742312CC566E616D4B0A65EFF4FB6F1B22FDBEA3410E1D75B99E889939FF70AD4629C84CEDC88F6794896428C5F0355143443FDC3A3
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\7EznMik8Fw.exe
                                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):12752
                                                                                                                                                                                                                                                Entropy (8bit):6.643812426159955
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:fSWthWvWf9BvVVWQ4mWFl5P+CjAWqnajKsNifl:aWthWiN+5P+CcWlGsNiN
                                                                                                                                                                                                                                                MD5:FA770BCD70208A479BDE8086D02C22DA
                                                                                                                                                                                                                                                SHA1:28EE5F3CE3732A55CA60AEE781212F117C6F3B26
                                                                                                                                                                                                                                                SHA-256:E677497C1BAEFFFB33A17D22A99B76B7FA7AE7A0C84E12FDA27D9BE5C3D104CF
                                                                                                                                                                                                                                                SHA-512:F8D81E350CEBDBA5AFB579A072BAD7986691E9F3D4C9FEBCA8756B807301782EE6EB5BA16B045CFA29B6E4F4696E0554C718D36D4E64431F46D1E4B1F42DC2B8
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\7EznMik8Fw.exe
                                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):15824
                                                                                                                                                                                                                                                Entropy (8bit):6.438848882089563
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:yjQ/w8u4cyNWthWYWf9BvVVWQ4mWhu1BVT/gqnajKsrC74m:8yNWthW9Np1IlGsrCEm
                                                                                                                                                                                                                                                MD5:4EC4790281017E616AF632DA1DC624E1
                                                                                                                                                                                                                                                SHA1:342B15C5D3E34AB4AC0B9904B95D0D5B074447B7
                                                                                                                                                                                                                                                SHA-256:5CF5BBB861608131B5F560CBF34A3292C80886B7C75357ACC779E0BF98E16639
                                                                                                                                                                                                                                                SHA-512:80C4E20D37EFF29C7577B2D0ED67539A9C2C228EDB48AB05D72648A6ED38F5FF537715C130342BEB0E3EF16EB11179B9B484303354A026BDA3A86D5414D24E69
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\7EznMik8Fw.exe
                                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):12240
                                                                                                                                                                                                                                                Entropy (8bit):6.6061629057490245
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:vWOPWthWAWf9BvVVWQ4mWWbgftmP+CjAWqnajKsNURPblh:BWthWFN+f8P+CcWlGsNURzv
                                                                                                                                                                                                                                                MD5:7A859E91FDCF78A584AC93AA85371BC9
                                                                                                                                                                                                                                                SHA1:1FA9D9CAD7CC26808E697373C1F5F32AAF59D6B7
                                                                                                                                                                                                                                                SHA-256:B7EE468F5B6C650DADA7DB3AD9E115A0E97135B3DF095C3220DFD22BA277B607
                                                                                                                                                                                                                                                SHA-512:A368F21ECA765AFCA86E03D59CF953500770F4A5BFF8B86B2AC53F1B5174C627E061CE9A1F781DC56506774E0D0B09725E9698D4DC2D3A59E93DA7EF3D900887
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\7EznMik8Fw.exe
                                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):13776
                                                                                                                                                                                                                                                Entropy (8bit):6.65347762698107
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:WxSnWlC0i5ClWthWTWf9BvVVWQ4mW+hkKVT/gqnajKsrCw/:WxSnWm5ClWthW+NkK1IlGsrCY
                                                                                                                                                                                                                                                MD5:972544ADE7E32BFDEB28B39BC734CDEE
                                                                                                                                                                                                                                                SHA1:87816F4AFABBDEC0EC2CFEB417748398505C5AA9
                                                                                                                                                                                                                                                SHA-256:7102F8D9D0F3F689129D7FE071B234077FBA4DD3687071D1E2AEAA137B123F86
                                                                                                                                                                                                                                                SHA-512:5E1131B405E0C7A255B1C51073AFF99E2D5C0D28FD3E55CABC04D463758A575A954008EA1BA5B4E2B345B49AF448B93AD21DFC4A01573B3CB6E7256D9ECCEEF1
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\7EznMik8Fw.exe
                                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):12752
                                                                                                                                                                                                                                                Entropy (8bit):6.58394079658593
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:YFY17aFBRQWthWIWf9BvVVWQ4mWHhOP+CjAWqnajKsNngJ:YQtWthWNNdP+CcWlGsNI
                                                                                                                                                                                                                                                MD5:8906279245F7385B189A6B0B67DF2D7C
                                                                                                                                                                                                                                                SHA1:FCF03D9043A2DAAFE8E28DEE0B130513677227E4
                                                                                                                                                                                                                                                SHA-256:F5183B8D7462C01031992267FE85680AB9C5B279BEDC0B25AB219F7C2184766F
                                                                                                                                                                                                                                                SHA-512:67CAC89AE58CC715976107F3BDF279B1E78945AFD07E6F657E076D78E92EE1A98E3E7B8FEAE295AF5CE35E00C804F3F53A890895BADB1EED32377D85C21672B9
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\7EznMik8Fw.exe
                                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):12240
                                                                                                                                                                                                                                                Entropy (8bit):6.696904963591775
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:m8qWthWLWf9BvVVWQ4WWLXlyBZr+YVqnajKsS1:mlWthWWN0uZfVlGsS1
                                                                                                                                                                                                                                                MD5:DD8176E132EEDEA3322443046AC35CA2
                                                                                                                                                                                                                                                SHA1:D13587C7CC52B2C6FBCAA548C8ED2C771A260769
                                                                                                                                                                                                                                                SHA-256:2EB96422375F1A7B687115B132A4005D2E7D3D5DC091FB0EB22A6471E712848E
                                                                                                                                                                                                                                                SHA-512:77CB8C44C8CC8DD29997FBA4424407579AC91176482DB3CF7BC37E1F9F6AA4C4F5BA14862D2F3A9C05D1FDD7CA5A043B5F566BD0E9A9E1ED837DA9C11803B253
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\7EznMik8Fw.exe
                                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):20944
                                                                                                                                                                                                                                                Entropy (8bit):6.216554714002396
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:384:rQM4Oe59Ckb1hgmLRWthW0N0JBJ1IlGsrC5W:sMq59Bb1jYNABHJc
                                                                                                                                                                                                                                                MD5:A6A3D6D11D623E16866F38185853FACD
                                                                                                                                                                                                                                                SHA1:FBEADD1E9016908ECCE5753DE1D435D6FCF3D0B5
                                                                                                                                                                                                                                                SHA-256:A768339F0B03674735404248A039EC8591FCBA6FF61A3C6812414537BADD23B0
                                                                                                                                                                                                                                                SHA-512:ABBF32CEB35E5EC6C1562F9F3B2652B96B7DBD97BFC08D918F987C0EC0503E8390DD697476B2A2389F0172CD8CF16029FD2EC5F32A9BA3688BF2EBEEFB081B2C
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\7EznMik8Fw.exe
                                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):12752
                                                                                                                                                                                                                                                Entropy (8bit):6.604643094751227
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:uFdyqjd7NWthWxWf9BvVVWQ4mW+JZD7DiqnajKswzR1:YQsWthWkNfZGlGswzR1
                                                                                                                                                                                                                                                MD5:074B81A625FB68159431BB556D28FAB5
                                                                                                                                                                                                                                                SHA1:20F8EAD66D548CFA861BC366BB1250CED165BE24
                                                                                                                                                                                                                                                SHA-256:3AF38920E767BD9EBC08F88EAF2D08C748A267C7EC60EAB41C49B3F282A4CF65
                                                                                                                                                                                                                                                SHA-512:36388C3EFFA0D94CF626DECAA1DA427801CC5607A2106ABDADF92252C6F6FD2CE5BF0802F5D0A4245A1FFDB4481464C99D60510CF95E83EBAF17BD3D6ACBC3DC
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\7EznMik8Fw.exe
                                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):16336
                                                                                                                                                                                                                                                Entropy (8bit):6.449023660091811
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:eUW9MPrpJhhf4AN5/KihWthWBWf9BvVVWQ4mWRXwsD7DiqnajKswzK:eUZr7HWthWUNkGlGswzK
                                                                                                                                                                                                                                                MD5:F1A23C251FCBB7041496352EC9BCFFBE
                                                                                                                                                                                                                                                SHA1:BE4A00642EC82465BC7B3D0CC07D4E8DF72094E8
                                                                                                                                                                                                                                                SHA-256:D899C2F061952B3B97AB9CDBCA2450290B0F005909DDD243ED0F4C511D32C198
                                                                                                                                                                                                                                                SHA-512:31F8C5CD3B6E153073E2E2EDF0CA8072D0F787784F1611A57219349C1D57D6798A3ADBD6942B0F16CEF781634DD8691A5EC0B506DF21B24CB70AEE5523A03FD9
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\7EznMik8Fw.exe
                                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):17872
                                                                                                                                                                                                                                                Entropy (8bit):6.3934828478655685
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:hA2uWYFxEpahDWthWDWf9BvVVWQ4mWR3ir+YVqnajKsSO:hIFVhDWthWONlfVlGsSO
                                                                                                                                                                                                                                                MD5:55B2EB7F17F82B2096E94BCA9D2DB901
                                                                                                                                                                                                                                                SHA1:44D85F1B1134EE7A609165E9C142188C0F0B17E0
                                                                                                                                                                                                                                                SHA-256:F9D3F380023A4C45E74170FE69B32BCA506EE1E1FBE670D965D5B50C616DA0CB
                                                                                                                                                                                                                                                SHA-512:0CF0770F5965A83F546253DECFA967D8F85C340B5F6EA220D3CAA14245F3CDB37C53BF8D3DA6C35297B22A3FA88E7621202634F6B3649D7D9C166A221D3456A5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\7EznMik8Fw.exe
                                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):18384
                                                                                                                                                                                                                                                Entropy (8bit):6.279474608881223
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:384:jvEvevdv8vPozmVx0C5yguNvZ5VQgx3SbwA7yMVIkFGlPWthWXNjqujGlGswz7:2ozmT5yguNvZ5VQgx3SbwA71IkFFaJft
                                                                                                                                                                                                                                                MD5:9B79965F06FD756A5EFDE11E8D373108
                                                                                                                                                                                                                                                SHA1:3B9DE8BF6B912F19F7742AD34A875CBE2B5FFA50
                                                                                                                                                                                                                                                SHA-256:1A916C0DB285DEB02C0B9DF4D08DAD5EA95700A6A812EA067BD637A91101A9F6
                                                                                                                                                                                                                                                SHA-512:7D4155C00D65C3554E90575178A80D20DC7C80D543C4B5C4C3F508F0811482515638FE513E291B82F958B4D7A63C9876BE4E368557B07FF062961197ED4286FB
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\7EznMik8Fw.exe
                                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):14288
                                                                                                                                                                                                                                                Entropy (8bit):6.547753630184197
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:ENDCWthWHWf9BvVVWQ4mWG5xqcVT/gqnajKsrC/V:TWthW6N/xqc1IlGsrC/V
                                                                                                                                                                                                                                                MD5:1D48A3189A55B632798F0E859628B0FB
                                                                                                                                                                                                                                                SHA1:61569A8E4F37ADC353986D83EFC90DC043CDC673
                                                                                                                                                                                                                                                SHA-256:B56BC94E8539603DD2F0FEA2F25EFD17966315067442507DB4BFFAFCBC2955B0
                                                                                                                                                                                                                                                SHA-512:47F329102B703BFBB1EBAEB5203D1C8404A0C912019193C93D150A95BB0C5BA8DC101AC56D3283285F9F91239FC64A66A5357AFE428A919B0BE7194BADA1F64F
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\7EznMik8Fw.exe
                                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):12240
                                                                                                                                                                                                                                                Entropy (8bit):6.686357863452704
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:ZjfHQdufWthWCWf9BvVVWQ4mWMlUteSP+CjAWqnajKsN0c:ZfZWthW/Nd4P+CcWlGsN0c
                                                                                                                                                                                                                                                MD5:DBC27D384679916BA76316FB5E972EA6
                                                                                                                                                                                                                                                SHA1:FB9F021F2220C852F6FF4EA94E8577368F0616A4
                                                                                                                                                                                                                                                SHA-256:DD14133ADF5C534539298422F6C4B52739F80ACA8C5A85CA8C966DEA9964CEB1
                                                                                                                                                                                                                                                SHA-512:CC0D8C56749CCB9D007B6D3F5C4A8F1D4E368BB81446EBCD7CC7B40399BBD56D0ACABA588CA172ECB7472A8CBDDBD4C366FFA38094A832F6D7E343B813BA565E
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\7EznMik8Fw.exe
                                                                                                                                                                                                                                                File Type:Zip archive data, at least v2.0 to extract, compression method=store
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1332263
                                                                                                                                                                                                                                                Entropy (8bit):5.5864676354018465
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12288:uttcY+bStOmgRF1+fYNXPh26UZWAzCu7joqYnhjHgkVHdmmPnHz1dG6sF7aYceM:uttcY+UHCiCAd+cqHdmmPHzvwaYceM
                                                                                                                                                                                                                                                MD5:630153AC2B37B16B8C5B0DBB69A3B9D6
                                                                                                                                                                                                                                                SHA1:F901CD701FE081489B45D18157B4A15C83943D9D
                                                                                                                                                                                                                                                SHA-256:EC4E6B8E9F6F1F4B525AF72D3A6827807C7A81978CB03DB5767028EBEA283BE2
                                                                                                                                                                                                                                                SHA-512:7E3A434C8DF80D32E66036D831CBD6661641C0898BD0838A07038B460261BF25B72A626DEF06D0FAA692CAF64412CA699B1FA7A848FE9D969756E097CBA39E41
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\7EznMik8Fw.exe
                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):290282
                                                                                                                                                                                                                                                Entropy (8bit):6.048183244201235
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:6144:QW1H/M8fRR1jplkXURrVADwYCuCigT/Q5MSRqNb7d8iu5Np:QWN/TRJLWURrI55MWavdF0L
                                                                                                                                                                                                                                                MD5:302B49C5F476C0AE35571430BB2E4AA0
                                                                                                                                                                                                                                                SHA1:35A7837A3F1B960807BF46B1C95EC22792262846
                                                                                                                                                                                                                                                SHA-256:CF9D37FA81407AFE11DCC0D70FE602561422AA2344708C324E4504DB8C6C5748
                                                                                                                                                                                                                                                SHA-512:1345AF52984B570B1FF223032575FEB36CDFB4F38E75E0BD3B998BC46E9C646F7AC5C583D23A70460219299B9C04875EF672BF5A0D614618731DF9B7A5637D0A
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:.# Issuer: CN=GlobalSign Root CA O=GlobalSign nv-sa OU=Root CA.# Subject: CN=GlobalSign Root CA O=GlobalSign nv-sa OU=Root CA.# Label: "GlobalSign Root CA".# Serial: 4835703278459707669005204.# MD5 Fingerprint: 3e:45:52:15:09:51:92:e1:b7:5d:37:9f:b1:87:29:8a.# SHA1 Fingerprint: b1:bc:96:8b:d4:f4:9d:62:2a:a8:9a:81:f2:15:01:52:a4:1d:82:9c.# SHA256 Fingerprint: eb:d4:10:40:e4:bb:3e:c7:42:c9:e3:81:d3:1e:f2:a4:1a:48:b6:68:5c:96:e7:ce:f3:c1:df:6c:d4:33:1c:99.
                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\7EznMik8Fw.exe
                                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):10752
                                                                                                                                                                                                                                                Entropy (8bit):4.674392865869017
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:96:KGUmje72HzA5iJGhU2Y0hQMsQJCUCLsZEA4elh3XQMtCFXiHBpv9cX6gTim1qeSC:rjQ2HzzU2bRYoe1HH9cqgTimoe
                                                                                                                                                                                                                                                MD5:D9E0217A89D9B9D1D778F7E197E0C191
                                                                                                                                                                                                                                                SHA1:EC692661FCC0B89E0C3BDE1773A6168D285B4F0D
                                                                                                                                                                                                                                                SHA-256:ECF12E2C0A00C0ED4E2343EA956D78EED55E5A36BA49773633B2DFE7B04335C0
                                                                                                                                                                                                                                                SHA-512:3B788AC88C1F2D682C1721C61D223A529697C7E43280686B914467B3B39E7D6DEBAFF4C0E2F42E9DDDB28B522F37CB5A3011E91C66D911609C63509F9228133D
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\7EznMik8Fw.exe
                                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):122880
                                                                                                                                                                                                                                                Entropy (8bit):5.917175475547778
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:3072:bA3W6Fck6/g5DzNa4cMy/dzpd1dhdMdJGFEr6/vD:MW6NzcMy/d13FErgvD
                                                                                                                                                                                                                                                MD5:BF9A9DA1CF3C98346002648C3EAE6DCF
                                                                                                                                                                                                                                                SHA1:DB16C09FDC1722631A7A9C465BFE173D94EB5D8B
                                                                                                                                                                                                                                                SHA-256:4107B1D6F11D842074A9F21323290BBE97E8EED4AA778FBC348EE09CC4FA4637
                                                                                                                                                                                                                                                SHA-512:7371407D12E632FC8FB031393838D36E6A1FE1E978CED36FF750D84E183CDE6DD20F75074F4597742C9F8D6F87AF12794C589D596A81B920C6C62EE2BA2E5654
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\7EznMik8Fw.exe
                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):4
                                                                                                                                                                                                                                                Entropy (8bit):1.5
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:3:Mn:M
                                                                                                                                                                                                                                                MD5:365C9BFEB7D89244F2CE01C1DE44CB85
                                                                                                                                                                                                                                                SHA1:D7A03141D5D6B1E88B6B59EF08B6681DF212C599
                                                                                                                                                                                                                                                SHA-256:CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
                                                                                                                                                                                                                                                SHA-512:D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:pip.
                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\7EznMik8Fw.exe
                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):197
                                                                                                                                                                                                                                                Entropy (8bit):4.61968998873571
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:3:hWDncJhByZmJgXPForADu1QjygQuaAJygT2d5GeWreLRuOFEXAYeBKmJozlMHuO:h9Co8FyQjkDYc5tWreLBF/pn2mH1
                                                                                                                                                                                                                                                MD5:8C3617DB4FB6FAE01F1D253AB91511E4
                                                                                                                                                                                                                                                SHA1:E442040C26CD76D1B946822CAF29011A51F75D6D
                                                                                                                                                                                                                                                SHA-256:3E0C7C091A948B82533BA98FD7CBB40432D6F1A9ACBF85F5922D2F99A93AE6BB
                                                                                                                                                                                                                                                SHA-512:77A1919E380730BCCE5B55D76FBFFBA2F95874254FAD955BD2FE1DE7FC0E4E25B5FDAAB0FEFFD6F230FA5DC895F593CF8BFEDF8FDC113EFBD8E22FADAB0B8998
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:This software is made available under the terms of *either* of the licenses.found in LICENSE.APACHE or LICENSE.BSD. Contributions to cryptography are made.under the terms of *both* these licenses..
                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\7EznMik8Fw.exe
                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):11360
                                                                                                                                                                                                                                                Entropy (8bit):4.426756947907149
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:nUDG5KXSD9VYUKhu1JVF9hFGvV/QiGkS594drFjuHYx5dvTrLh3kTSEnQHbHR:UIvlKM1zJlFvmNz5VrlkTS0QHt
                                                                                                                                                                                                                                                MD5:4E168CCE331E5C827D4C2B68A6200E1B
                                                                                                                                                                                                                                                SHA1:DE33EAD2BEE64352544CE0AA9E410C0C44FDF7D9
                                                                                                                                                                                                                                                SHA-256:AAC73B3148F6D1D7111DBCA32099F68D26C644C6813AE1E4F05F6579AA2663FE
                                                                                                                                                                                                                                                SHA-512:F451048E81A49FBFA11B49DE16FF46C52A8E3042D1BCC3A50AAF7712B097BED9AE9AED9149C21476C2A1E12F1583D4810A6D36569E993FE1AD3879942E5B0D52
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:. Apache License. Version 2.0, January 2004. https://www.apache.org/licenses/.. TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION.. 1. Definitions... "License" shall mean the terms and conditions for use, reproduction,. and distribution as defined by Sections 1 through 9 of this document... "Licensor" shall mean the copyright owner or entity authorized by. the copyright owner that is granting the License... "Legal Entity" shall mean the union of the acting entity and all. other entities that control, are controlled by, or are under common. control with that entity. For the purposes of this definition,. "control" means (i) the power, direct or indirect, to cause the. direction or management of such entity, whether by contract or. otherwise, or (ii) ownership of fifty percent (50%) or more of the. outstanding shares, or (iii) beneficial ow
                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\7EznMik8Fw.exe
                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1532
                                                                                                                                                                                                                                                Entropy (8bit):5.058591167088024
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:MjUnoorbOFFTJJyRrYFTjzMbmqEvBTP4m96432s4EOkUTKQROJ32s3yxsITf+3tY:MkOFJSrYJsaN5P406432svv32s3EsIqm
                                                                                                                                                                                                                                                MD5:5AE30BA4123BC4F2FA49AA0B0DCE887B
                                                                                                                                                                                                                                                SHA1:EA5B412C09F3B29BA1D81A61B878C5C16FFE69D8
                                                                                                                                                                                                                                                SHA-256:602C4C7482DE6479DD2E9793CDA275E5E63D773DACD1ECA689232AB7008FB4FB
                                                                                                                                                                                                                                                SHA-512:DDBB20C80ADBC8F4118C10D3E116A5CD6536F72077C5916D87258E155BE561B89EB45C6341A1E856EC308B49A4CB4DBA1408EABD6A781FBE18D6C71C32B72C41
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:Copyright (c) Individual contributors..All rights reserved...Redistribution and use in source and binary forms, with or without.modification, are permitted provided that the following conditions are met:.. 1. Redistributions of source code must retain the above copyright notice,. this list of conditions and the following disclaimer... 2. Redistributions in binary form must reproduce the above copyright. notice, this list of conditions and the following disclaimer in the. documentation and/or other materials provided with the distribution... 3. Neither the name of PyCA Cryptography nor the names of its contributors. may be used to endorse or promote products derived from this software. without specific prior written permission...THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND.ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED.WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOS
                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\7EznMik8Fw.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):5292
                                                                                                                                                                                                                                                Entropy (8bit):5.115440205505611
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:96:DxapqZink/QIHQIyzQIZQILuQIR8vtklGovxNx6sWwCvCCcTKvIrrg9BMM6VwDjz:sJnkoBs/sqLz8cTKvIrrUiM6VwDjyeWs
                                                                                                                                                                                                                                                MD5:137D13F917D94C83137A0FA5AE12B467
                                                                                                                                                                                                                                                SHA1:01E93402C225BF2A4EE59F9A06F8062CB5E4801E
                                                                                                                                                                                                                                                SHA-256:36738E6971D2F20DB78433185A0EF7912A48544AA6FF7006505A7DC785158859
                                                                                                                                                                                                                                                SHA-512:1B22CBC6E22FA5E2BD5CC4A370443A342D00E7DD53330A4000E9A680DE80262BCA7188764E3568944D01025188291602AC8C53C971630984FBD9FA7D75AAB124
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:Metadata-Version: 2.1..Name: cryptography..Version: 41.0.7..Summary: cryptography is a package which provides cryptographic recipes and primitives to Python developers...Author-email: The Python Cryptographic Authority and individual contributors <cryptography-dev@python.org>..License: Apache-2.0 OR BSD-3-Clause..Project-URL: homepage, https://github.com/pyca/cryptography..Project-URL: documentation, https://cryptography.io/..Project-URL: source, https://github.com/pyca/cryptography/..Project-URL: issues, https://github.com/pyca/cryptography/issues..Project-URL: changelog, https://cryptography.io/en/latest/changelog/..Classifier: Development Status :: 5 - Production/Stable..Classifier: Intended Audience :: Developers..Classifier: License :: OSI Approved :: Apache Software License..Classifier: License :: OSI Approved :: BSD License..Classifier: Natural Language :: English..Classifier: Operating System :: MacOS :: MacOS X..Classifier: Operating System :: POSIX..Classifier: Operating Syst
                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\7EznMik8Fw.exe
                                                                                                                                                                                                                                                File Type:CSV text
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):15334
                                                                                                                                                                                                                                                Entropy (8bit):5.552806309785179
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:384:3X62U/ZfaigdSwJN5i6s7B0Ppzx6uvndLE4:3NUxfzgFthE4
                                                                                                                                                                                                                                                MD5:D88787EC6163B4F45579EA7CF7F56044
                                                                                                                                                                                                                                                SHA1:B241754AF16F5B2523DE1D07520DADB5ABA559BA
                                                                                                                                                                                                                                                SHA-256:E5265DE4206BAB1FB0C96212067AA1EB479C85AB0495B915938DDB365B0C948D
                                                                                                                                                                                                                                                SHA-512:F4F1C213458AC42A3417A870F7C6D2A125950F588C76F8A83D605242ABBDBCC2CBE70CA49A700710AA23AC143F2702963DEA48043C5CA86FBF0D3CE07126C696
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:cryptography-41.0.7.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4..cryptography-41.0.7.dist-info/LICENSE,sha256=Pgx8CRqUi4JTO6mP18u0BDLW8amsv4X1ki0vmak65rs,197..cryptography-41.0.7.dist-info/LICENSE.APACHE,sha256=qsc7MUj20dcRHbyjIJn2jSbGRMaBOuHk8F9leaomY_4,11360..cryptography-41.0.7.dist-info/LICENSE.BSD,sha256=YCxMdILeZHndLpeTzaJ15eY9dz2s0eymiSMqtwCPtPs,1532..cryptography-41.0.7.dist-info/METADATA,sha256=NnOOaXHS8g23hDMYWg73kSpIVEqm_3AGUFp9x4UViFk,5292..cryptography-41.0.7.dist-info/RECORD,,..cryptography-41.0.7.dist-info/REQUESTED,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0..cryptography-41.0.7.dist-info/WHEEL,sha256=-EX5DQzNGQEoyL99Q-0P0-D-CXbfqafenaAeiSQ_Ufk,100..cryptography-41.0.7.dist-info/top_level.txt,sha256=KNaT-Sn2K4uxNaEbe6mYdDn3qWDMlp4y-MtWfB73nJc,13..cryptography/__about__.py,sha256=uPXMbbcptt7EzZ_jllGRx0pVdMn-NBsAM4L74hOv-b0,445..cryptography/__init__.py,sha256=iVPlBlXWTJyiFeRedxcbMPhyHB34viOM10d72vGnWuE,364..cryptography/__pycache__/_
                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\7EznMik8Fw.exe
                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):100
                                                                                                                                                                                                                                                Entropy (8bit):5.0203365408149025
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:3:RtEeX7MWcSlVlbY3KgP+tkKc/SKQLn:RtBMwlVCxWKxDQLn
                                                                                                                                                                                                                                                MD5:4B432A99682DE414B29A683A3546B69F
                                                                                                                                                                                                                                                SHA1:F59C5016889EE5E9F62D09B22AEFBC2211A56C93
                                                                                                                                                                                                                                                SHA-256:F845F90D0CCD190128C8BF7D43ED0FD3E0FE0976DFA9A7DE9DA01E89243F51F9
                                                                                                                                                                                                                                                SHA-512:CBBF10E19B6F4072C416EA95D7AE259B9C5A1B89068B7B6660B7C637D6F2437AEA8D8202A2E26A0BEC36DAECD8BBB6B59016FC2DDEB13C545F0868B3E15479CA
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:Wheel-Version: 1.0.Generator: bdist_wheel (0.42.0).Root-Is-Purelib: false.Tag: cp37-abi3-win_amd64..
                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\7EznMik8Fw.exe
                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):13
                                                                                                                                                                                                                                                Entropy (8bit):3.2389012566026314
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:3:cOv:Nv
                                                                                                                                                                                                                                                MD5:E7274BD06FF93210298E7117D11EA631
                                                                                                                                                                                                                                                SHA1:7132C9EC1FD99924D658CC672F3AFE98AFEFAB8A
                                                                                                                                                                                                                                                SHA-256:28D693F929F62B8BB135A11B7BA9987439F7A960CC969E32F8CB567C1EF79C97
                                                                                                                                                                                                                                                SHA-512:AA6021C4E60A6382630BEBC1E16944F9B312359D645FC61219E9A3F19D876FD600E07DCA6932DCD7A1E15BFDEAC7DBDCEB9FFFCD5CA0E5377B82268ED19DE225
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:cryptography.
                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\7EznMik8Fw.exe
                                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):6673920
                                                                                                                                                                                                                                                Entropy (8bit):6.582002531606852
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:98304:EzN+T+xtLlk0PPMAiGoTzeDy3x8lGBlWi9Nk:E5Y6Jk0PPMtfTzp3x8c
                                                                                                                                                                                                                                                MD5:486085AAC7BB246A173CEEA0879230AF
                                                                                                                                                                                                                                                SHA1:EF1095843B2A9C6D8285C7D9E8E334A9CE812FAE
                                                                                                                                                                                                                                                SHA-256:C3964FC08E4CA8BC193F131DEF6CC4B4724B18073AA0E12FED8B87C2E627DC83
                                                                                                                                                                                                                                                SHA-512:8A56774A08DA0AB9DD561D21FEBEEBC23A5DEA6F63D5638EA1B608CD923B857DF1F096262865E6EBD56B13EFD3BBA8D714FFDCE8316293229974532C49136460
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\7EznMik8Fw.exe
                                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):5191960
                                                                                                                                                                                                                                                Entropy (8bit):5.962142634441191
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:98304:n3+pefu6fSar+SJ8aqfPomg1CPwDvt3uFlDCE:3G+u6fb+SJ8aqfwmg1CPwDvt3uFlDCE
                                                                                                                                                                                                                                                MD5:E547CF6D296A88F5B1C352C116DF7C0C
                                                                                                                                                                                                                                                SHA1:CAFA14E0367F7C13AD140FD556F10F320A039783
                                                                                                                                                                                                                                                SHA-256:05FE080EAB7FC535C51E10C1BD76A2F3E6217F9C91A25034774588881C3F99DE
                                                                                                                                                                                                                                                SHA-512:9F42EDF04C7AF350A00FA4FDF92B8E2E6F47AB9D2D41491985B20CD0ADDE4F694253399F6A88F4BDD765C4F49792F25FB01E84EC03FD5D0BE8BB61773D77D74D
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\7EznMik8Fw.exe
                                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):39696
                                                                                                                                                                                                                                                Entropy (8bit):6.641880464695502
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:768:NiQfxQemQJNrPN+moyijAc5YiSyvkIPxWEqG:dfxIQvPkmoyijP7SytPxF
                                                                                                                                                                                                                                                MD5:0F8E4992CA92BAAF54CC0B43AACCCE21
                                                                                                                                                                                                                                                SHA1:C7300975DF267B1D6ADCBAC0AC93FD7B1AB49BD2
                                                                                                                                                                                                                                                SHA-256:EFF52743773EB550FCC6CE3EFC37C85724502233B6B002A35496D828BD7B280A
                                                                                                                                                                                                                                                SHA-512:6E1B223462DC124279BFCA74FD2C66FE18B368FFBCA540C84E82E0F5BCBEA0E10CC243975574FA95ACE437B9D8B03A446ED5EE0C9B1B094147CEFAF704DFE978
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\7EznMik8Fw.exe
                                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):787224
                                                                                                                                                                                                                                                Entropy (8bit):5.609561366841894
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12288:ytPc2nnGoNg4kSHoxX09yO5EavUFe9Xb12:y9jnnpTHoxXUsFe9XbM
                                                                                                                                                                                                                                                MD5:19A2ABA25456181D5FB572D88AC0E73E
                                                                                                                                                                                                                                                SHA1:656CA8CDFC9C3A6379536E2027E93408851483DB
                                                                                                                                                                                                                                                SHA-256:2E9FBCD8F7FDC13A5179533239811456554F2B3AA2FB10E1B17BE0DF81C79006
                                                                                                                                                                                                                                                SHA-512:DF17DC8A882363A6C5A1B78BA3CF448437D1118CCC4A6275CC7681551B13C1A4E0F94E30FFB94C3530B688B62BFF1C03E57C2C185A7DF2BF3E5737A06E114337
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\7EznMik8Fw.exe
                                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):67072
                                                                                                                                                                                                                                                Entropy (8bit):5.90551713971002
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:1536:ZhseNxkc7Xva0Y420G1UD+dS4gBeLmRy:Z1kcbi0Y42bUD+dS4oeiRy
                                                                                                                                                                                                                                                MD5:01F9D30DD889A3519E3CA93FE6EFEE70
                                                                                                                                                                                                                                                SHA1:EBF55ADBD8CD938C4C11D076203A3E54D995AEFF
                                                                                                                                                                                                                                                SHA-256:A66444A08A8B9CEAFA05DAEFEB32AA1E65C8009A3C480599F648FA52A20AFB7D
                                                                                                                                                                                                                                                SHA-512:76FED302D62BB38A39E0BF6C9038730E83B6AFFFA2F36E7A62B85770D4847EA6C688098061945509A1FDB799FB7F5C88699F94E7DA1934F88A9C3B6A433EE9EF
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\7EznMik8Fw.exe
                                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):199448
                                                                                                                                                                                                                                                Entropy (8bit):6.385263095268062
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:3072:gP9/HQAYp/8IdzL37lqrEJesY7p7Ndrjt8HWcFwUT6ZIALhNn6:opFYp/vdzL3pqrEJ2xDrJ8DdT6A
                                                                                                                                                                                                                                                MD5:F179C9BDD86A2A218A5BF9F0F1CF6CD9
                                                                                                                                                                                                                                                SHA1:4544FB23D56CC76338E7F71F12F58C5FE89D0D76
                                                                                                                                                                                                                                                SHA-256:C42874E2CF034FB5034F0BE35F7592B8A96E8903218DA42E6650C504A85B37CC
                                                                                                                                                                                                                                                SHA-512:3464ECE5C6A0E95EF6136897B70A96C69E552D28BFEDD266F13EEC840E36EC2286A1FB8973B212317DE6FE3E93D7D7CC782EB6FC3D6A2A8F006B34F6443498DE
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\7EznMik8Fw.exe
                                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):68376
                                                                                                                                                                                                                                                Entropy (8bit):6.14896460878624
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:768:LV1EbYGVXq6KC/prVHBN0cW18itCQDFPnOMFn+gikF/nFX14uewjBcCCC0yamM/u:LDmF61JFn+/OHZIAL0R7SyHxy
                                                                                                                                                                                                                                                MD5:6271A2FE61978CA93E60588B6B63DEB2
                                                                                                                                                                                                                                                SHA1:BE26455750789083865FE91E2B7A1BA1B457EFB8
                                                                                                                                                                                                                                                SHA-256:A59487EA2C8723277F4579067248836B216A801C2152EFB19AFEE4AC9785D6FB
                                                                                                                                                                                                                                                SHA-512:8C32BCB500A94FF47F5EF476AE65D3B677938EBEE26E80350F28604AAEE20B044A5D55442E94A11CCD9962F34D22610B932AC9D328197CF4D2FFBC7DF640EFBA
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\7EznMik8Fw.exe
                                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):7009048
                                                                                                                                                                                                                                                Entropy (8bit):5.7826778751744685
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:49152:mz0oCxOqKWneF3o1VLCClOTNRpaOviXEYWyb3eOYTvuFsx/iac84YNFXiTlv5WF4:mooCcqKLHX+az2Ro8Kv7HDMiEB/
                                                                                                                                                                                                                                                MD5:550288A078DFFC3430C08DA888E70810
                                                                                                                                                                                                                                                SHA1:01B1D31F37FB3FD81D893CC5E4A258E976F5884F
                                                                                                                                                                                                                                                SHA-256:789A42AC160CEF98F8925CB347473EEEB4E70F5513242E7FABA5139BA06EDF2D
                                                                                                                                                                                                                                                SHA-512:7244432FC3716F7EF27630D4E8FBC8180A2542AA97A01D44DCA260AB43966DD8AC98B6023400B0478A4809AACE1A128F1F4D6E544F2E591A5B436FD4C8A9D723
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\7EznMik8Fw.exe
                                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):134656
                                                                                                                                                                                                                                                Entropy (8bit):5.9953900911096785
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:3072:Yuh2G0a2fYrFceQaVK756Y/r06trvoEKQAe7KL8KJKVKGajt4:Yuh2faiYrFceQaVfY/rxTBAe7KwKwVrE
                                                                                                                                                                                                                                                MD5:26D752C8896B324FFD12827A5E4B2808
                                                                                                                                                                                                                                                SHA1:447979FA03F78CB7210A4E4BA365085AB2F42C22
                                                                                                                                                                                                                                                SHA-256:BD33548DBDBB178873BE92901B282BAD9C6817E3EAC154CA50A666D5753FD7EC
                                                                                                                                                                                                                                                SHA-512:99C87AB9920E79A03169B29A2F838D568CA4D4056B54A67BC51CAF5C0FF5A4897ED02533BA504F884C6F983EBC400743E6AD52AC451821385B1E25C3B1EBCEE0
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\7EznMik8Fw.exe
                                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):30488
                                                                                                                                                                                                                                                Entropy (8bit):6.582548725691534
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:384:b9yLTFInPLnIdHqp3DT90IZIAQGyHQIYiSy1pCQ273bAM+o/8E9VF0Nypyn4:6inzUHqN1rZIAQGo5YiSyvUrAMxkEjh
                                                                                                                                                                                                                                                MD5:8A273F518973801F3C63D92AD726EC03
                                                                                                                                                                                                                                                SHA1:069FC26B9BD0F6EA3F9B3821AD7C812FD94B021F
                                                                                                                                                                                                                                                SHA-256:AF358285A7450DE6E2E5E7FF074F964D6A257FB41D9EB750146E03C7DDA503CA
                                                                                                                                                                                                                                                SHA-512:7FEDAE0573ECB3946EDE7D0B809A98ACAD3D4C95D6C531A40E51A31BDB035BADC9F416D8AAA26463784FF2C5E7A0CC2C793D62B5FDB2B8E9FAD357F93D3A65F8
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\7EznMik8Fw.exe
                                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1500440
                                                                                                                                                                                                                                                Entropy (8bit):6.5886408023548295
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24576:ATqtyGkxOc+wv05tP5kf82Hr/74YPF5o/P/gnAracr7/24UcypY7w0vpZUFq++I:nk0jwv4tP5kf8ar/74EF2/An4acrVUc2
                                                                                                                                                                                                                                                MD5:31CD2695493E9B0669D7361D92D46D94
                                                                                                                                                                                                                                                SHA1:19C1BC5C3856665ECA5390A2F9CD59B564C0139B
                                                                                                                                                                                                                                                SHA-256:17D547994008F1626BE2877497912687CB3EBD9A407396804310FD12C85AEAD4
                                                                                                                                                                                                                                                SHA-512:9DD8D1B900999E8CEA91F3D5F3F72D510F9CC28D7C6768A4046A9D2AA9E78A6ACE1248EC9574F5F6E53A6F1BDBFDF153D9BF73DBA05788625B03398716C87E1C
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\7EznMik8Fw.exe
                                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1035728
                                                                                                                                                                                                                                                Entropy (8bit):6.630126944065657
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24576:EsKxVJ/pRRK0Y/9fCrl4NbpjONcncXEomxvSZX0yp49C:lKxDPHQCrlQBXxw
                                                                                                                                                                                                                                                MD5:849959A003FA63C5A42AE87929FCD18B
                                                                                                                                                                                                                                                SHA1:D1B80B3265E31A2B5D8D7DA6183146BBD5FB791B
                                                                                                                                                                                                                                                SHA-256:6238CBFE9F57C142B75E153C399C478D492252FDA8CB40EE539C2DCB0F2EB232
                                                                                                                                                                                                                                                SHA-512:64958DABDB94D21B59254C2F074DB5D51E914DDBC8437452115DFF369B0C134E50462C3FDBBC14B6FA809A6EE19AB2FB83D654061601CC175CDDCB7D74778E09
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\7EznMik8Fw.exe
                                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1137944
                                                                                                                                                                                                                                                Entropy (8bit):5.462202215180296
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12288:hrEHdcM6hbFCjJ43w9hIpCQvb0QN8MdIEQ+U2BNNmD+99FfciFt:hrEXYCjfk7bPNfv42BN6yzUiFt
                                                                                                                                                                                                                                                MD5:04F35D7EEC1F6B72BAB9DAF330FD0D6B
                                                                                                                                                                                                                                                SHA1:ECF0C25BA7ADF7624109E2720F2B5930CD2DBA65
                                                                                                                                                                                                                                                SHA-256:BE942308D99CC954931FE6F48ED8CC7A57891CCBE99AAE728121BCDA1FD929AB
                                                                                                                                                                                                                                                SHA-512:3DA405E4C1371F4B265E744229DCC149491A112A2B7EA8E518D5945F8C259CAD15583F25592B35EC8A344E43007AE00DA9673822635EE734D32664F65C9C8D9B
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\7EznMik8Fw.exe
                                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):133632
                                                                                                                                                                                                                                                Entropy (8bit):5.851293297484796
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:3072:bPwB2zC1vwC3XetCf5RlRVFhLaNKPRyymoh5Lm9b0e:bIB2zkvwGXetCfDlRVlPRy85Lm9
                                                                                                                                                                                                                                                MD5:3A80FEA23A007B42CEF8E375FC73AD40
                                                                                                                                                                                                                                                SHA1:04319F7552EA968E2421C3936C3A9EE6F9CF30B2
                                                                                                                                                                                                                                                SHA-256:B70D69D25204381F19378E1BB35CC2B8C8430AA80A983F8D0E8E837050BB06EF
                                                                                                                                                                                                                                                SHA-512:A63BED03F05396B967858902E922B2FBFB4CF517712F91CFAA096FF0539CF300D6B9C659FFEE6BF11C28E79E23115FD6B9C0B1AA95DB1CBD4843487F060CCF40
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\7EznMik8Fw.exe
                                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):123904
                                                                                                                                                                                                                                                Entropy (8bit):5.966619585818369
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:3072:07jbPA0SD9S3vrCqf93qMHxCjdLZn1Ya:07jtS9SfuCRCjFV
                                                                                                                                                                                                                                                MD5:47C91C74BB2C5CF696626AF04F3705AB
                                                                                                                                                                                                                                                SHA1:C086BC2825969756169FAB7DD2E560D360E1E09C
                                                                                                                                                                                                                                                SHA-256:F6EAD250FC2DE4330BD26079A44DED7F55172E05A70E28AD85D09E7881725155
                                                                                                                                                                                                                                                SHA-512:E6B6A4425B3E30CEA7BF8B09971FA0C84D6317B1A37BC1518266DC8D72C166099A8FC40A9B985300901BD921E444FF438FD30B814C1F1C6A051DF3471615C2BD
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                File type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                Entropy (8bit):7.996486556715774
                                                                                                                                                                                                                                                TrID:
                                                                                                                                                                                                                                                • Win64 Executable GUI (202006/5) 92.65%
                                                                                                                                                                                                                                                • Win64 Executable (generic) (12005/4) 5.51%
                                                                                                                                                                                                                                                • Generic Win/DOS Executable (2004/3) 0.92%
                                                                                                                                                                                                                                                • DOS Executable Generic (2002/1) 0.92%
                                                                                                                                                                                                                                                • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                                                                File name:7EznMik8Fw.exe
                                                                                                                                                                                                                                                File size:17'524'998 bytes
                                                                                                                                                                                                                                                MD5:a02bd3671b7dab9f036b13c8b0339714
                                                                                                                                                                                                                                                SHA1:9c48e8a80a0cf0a1ca1e4328091241c242dfc5b4
                                                                                                                                                                                                                                                SHA256:fc5586ca851cbf4eed21ae5c11b8e5d7c23379561016f779f5fe346439e2f55d
                                                                                                                                                                                                                                                SHA512:e9b5c9951b5f4d525e7932a7c0d509de690f1414c22934a215b4289bf812d0385a436eed6050d49cf5bb71cad105c9f3b668c7dbb6610a6288396e4234c5a65d
                                                                                                                                                                                                                                                SSDEEP:393216:UEkZgf8fdntpUTLfhJe1+TtIiFyuvB5IjWqJ6eoWez1HGwFXiWCR:URbFHUTLJE1QtItS3ILJ6e/UGhVR
                                                                                                                                                                                                                                                TLSH:74073347B3901CB1D2D1537E5262C56E6F63B894D361CB9F03B821A51F8B2634E3AE72
                                                                                                                                                                                                                                                Icon Hash:02e4c2c63ccec224
                                                                                                                                                                                                                                                Entrypoint:0x14000c1f0
                                                                                                                                                                                                                                                Entrypoint Section:.text
                                                                                                                                                                                                                                                Digitally signed:false
                                                                                                                                                                                                                                                Imagebase:0x140000000
                                                                                                                                                                                                                                                Subsystem:windows gui
                                                                                                                                                                                                                                                Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                                                                                                                                                                                                                                DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                                                Time Stamp:0x65CAFC8C [Tue Feb 13 05:22:20 2024 UTC]
                                                                                                                                                                                                                                                TLS Callbacks:
                                                                                                                                                                                                                                                CLR (.Net) Version:
                                                                                                                                                                                                                                                OS Version Major:5
                                                                                                                                                                                                                                                OS Version Minor:2
                                                                                                                                                                                                                                                File Version Major:5
                                                                                                                                                                                                                                                File Version Minor:2
                                                                                                                                                                                                                                                Subsystem Version Major:5
                                                                                                                                                                                                                                                Subsystem Version Minor:2
                                                                                                                                                                                                                                                Import Hash:1af6c885af093afc55142c2f1761dbe8

| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x3cdcc | 0x78 | .rdata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x46000 | 0x4634 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x42000 | 0x22a4 | .pdata |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x4b000 | 0x75c | .reloc |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x3a330 | 0x1c | .rdata |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x3a1f0 | 0x140 | .rdata |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x2b000 | 0x420 | .rdata |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |

| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| .text | 0x1000 | 0x29c90 | 0x29e00 | 62616acf257019688180f494b4eb78d4 | False | 0.5523087686567164 | data | 6.4831047330596565 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rdata | 0x2b000 | 0x12bf4 | 0x12c00 | 331709545b6c1132fbe9c72b2db864ea | False | 0.5184375 | data | 5.835042374763311 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .data | 0x3e000 | 0x3338 | 0xe00 | 99d84572872f2ce8d9bdbc2521e1966e | False | 0.1328125 | Matlab v4 mat-file (little endian) f\324\377\3772\242\337-\231+, text, rows 4294967295, columns 0 | 1.8271683819747706 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .pdata | 0x42000 | 0x22a4 | 0x2400 | 39f0a7d8241a665fc55289b5f9977819 | False | 0.4720052083333333 | data | 5.316391891279308 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| _RDATA | 0x45000 | 0x15c | 0x200 | 624222957a635749731104f8cdf6f9b7 | False | 0.38671875 | data | 2.83326547900447 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .rsrc | 0x46000 | 0x4634 | 0x4800 | c5a3deb814c3970920fb8eac3139c247 | False | 0.138671875 | data | 2.9680759344437155 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .reloc | 0x4b000 | 0x75c | 0x800 | 4138d4447f190c2657ec208ef31be551 | False | 0.5458984375 | data | 5.240127521097618 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |

| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| RT_ICON | 0x460e8 | 0x4028 | Device independent bitmap graphic, 64 x 128 x 32, image size 0 | | | 0.10618606916707257 |
| RT_GROUP_ICON | 0x4a110 | 0x14 | data | | | 1.1 |
| RT_MANIFEST | 0x4a124 | 0x50d | XML 1.0 document, ASCII text | | | 0.4694508894044857 |

| DLL | Import |
|---|---|
| USER32.dll | CreateWindowExW, MessageBoxW, MessageBoxA, SystemParametersInfoW, DestroyIcon, SetWindowLongPtrW, GetWindowLongPtrW, GetClientRect, InvalidateRect, ReleaseDC, GetDC, DrawTextW, GetDialogBaseUnits, EndDialog, DialogBoxIndirectParamW, MoveWindow, SendMessageW |
| COMCTL32.dll | |
| KERNEL32.dll | IsValidCodePage, GetStringTypeW, GetFileAttributesExW, HeapReAlloc, FlushFileBuffers, GetCurrentDirectoryW, GetACP, GetOEMCP, GetModuleHandleW, MulDiv, GetLastError, SetDllDirectoryW, GetModuleFileNameW, CreateSymbolicLinkW, GetProcAddress, GetCommandLineW, GetEnvironmentVariableW, GetCPInfo, ExpandEnvironmentStringsW, CreateDirectoryW, GetTempPathW, WaitForSingleObject, Sleep, GetExitCodeProcess, CreateProcessW, GetStartupInfoW, FreeLibrary, LoadLibraryExW, SetConsoleCtrlHandler, FindClose, FindFirstFileExW, CloseHandle, GetCurrentProcess, LocalFree, FormatMessageW, MultiByteToWideChar, WideCharToMultiByte, GetEnvironmentStringsW, FreeEnvironmentStringsW, GetProcessHeap, GetTimeZoneInformation, HeapSize, WriteConsoleW, SetEndOfFile, SetEnvironmentVariableW, RtlUnwindEx, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TerminateProcess, IsProcessorFeaturePresent, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, IsDebuggerPresent, SetLastError, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, RaiseException, RtlPcToFileHeader, GetCommandLineA, CreateFileW, GetDriveTypeW, GetFileInformationByHandle, GetFileType, PeekNamedPipe, SystemTimeToTzSpecificLocalTime, FileTimeToSystemTime, GetFullPathNameW, RemoveDirectoryW, FindNextFileW, SetStdHandle, DeleteFileW, ReadFile, GetStdHandle, WriteFile, ExitProcess, GetModuleHandleExW, HeapFree, GetConsoleMode, ReadConsoleW, SetFilePointerEx, GetConsoleOutputCP, GetFileSizeEx, HeapAlloc, FlsAlloc, FlsGetValue, FlsSetValue, FlsFree, CompareStringW, LCMapStringW |
| ADVAPI32.dll | OpenProcessToken, GetTokenInformation, ConvertStringSecurityDescriptorToSecurityDescriptorW, ConvertSidToStringSidW |
| GDI32.dll | SelectObject, DeleteObject, CreateFontIndirectW |

| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Dec 9, 2024 10:08:44.716468096 CET | 49710 | 443 | 192.168.2.6 | 34.224.200.202 |
| Dec 9, 2024 10:08:44.716531992 CET | 443 | 49710 | 34.224.200.202 | 192.168.2.6 |
| Dec 9, 2024 10:08:44.716659069 CET | 49710 | 443 | 192.168.2.6 | 34.224.200.202 |
| Dec 9, 2024 10:08:46.605950117 CET | 49710 | 443 | 192.168.2.6 | 34.224.200.202 |
| Dec 9, 2024 10:08:46.605993986 CET | 443 | 49710 | 34.224.200.202 | 192.168.2.6 |
| Dec 9, 2024 10:08:48.344639063 CET | 443 | 49710 | 34.224.200.202 | 192.168.2.6 |
| Dec 9, 2024 10:08:48.345293999 CET | 49710 | 443 | 192.168.2.6 | 34.224.200.202 |
| Dec 9, 2024 10:08:48.345309019 CET | 443 | 49710 | 34.224.200.202 | 192.168.2.6 |
| Dec 9, 2024 10:08:48.346226931 CET | 443 | 49710 | 34.224.200.202 | 192.168.2.6 |
| Dec 9, 2024 10:08:48.346286058 CET | 49710 | 443 | 192.168.2.6 | 34.224.200.202 |
| Dec 9, 2024 10:08:48.347567081 CET | 49710 | 443 | 192.168.2.6 | 34.224.200.202 |
| Dec 9, 2024 10:08:48.347693920 CET | 49710 | 443 | 192.168.2.6 | 34.224.200.202 |

| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Dec 9, 2024 10:08:44.576170921 CET | 59713 | 53 | 192.168.2.6 | 1.1.1.1 |
| Dec 9, 2024 10:08:44.713227034 CET | 53 | 59713 | 1.1.1.1 | 192.168.2.6 |

| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| Dec 9, 2024 10:08:44.576170921 CET | 192.168.2.6 | 1.1.1.1 | 0x7104 | Standard query (0) | httpbin.org | A (IP address) | IN (0x0001) | false |

| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|---|---|
| Dec 9, 2024 10:08:44.713227034 CET | 1.1.1.1 | 192.168.2.6 | 0x7104 | No error (0) | httpbin.org | | 34.224.200.202 | A (IP address) | IN (0x0001) | false |
| Dec 9, 2024 10:08:44.713227034 CET | 1.1.1.1 | 192.168.2.6 | 0x7104 | No error (0) | httpbin.org | | 44.196.3.45 | A (IP address) | IN (0x0001) | false |


                                                                                                                                                                                                                                                Target ID:0
                                                                                                                                                                                                                                                Start time:04:08:39
                                                                                                                                                                                                                                                Start date:09/12/2024
                                                                                                                                                                                                                                                Path:C:\Users\user\Desktop\7EznMik8Fw.exe
                                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                                Commandline:"C:\Users\user\Desktop\7EznMik8Fw.exe"
                                                                                                                                                                                                                                                Imagebase:0x7ff682e80000
                                                                                                                                                                                                                                                File size:17'524'998 bytes
                                                                                                                                                                                                                                                MD5 hash:A02BD3671B7DAB9F036B13C8B0339714
                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                Reputation:low
                                                                                                                                                                                                                                                Has exited:false

                                                                                                                                                                                                                                                Target ID:2
                                                                                                                                                                                                                                                Start time:04:08:42
                                                                                                                                                                                                                                                Start date:09/12/2024
                                                                                                                                                                                                                                                Path:C:\Users\user\Desktop\7EznMik8Fw.exe
                                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                                Commandline:"C:\Users\user\Desktop\7EznMik8Fw.exe"
                                                                                                                                                                                                                                                Imagebase:0x7ff682e80000
                                                                                                                                                                                                                                                File size:17'524'998 bytes
                                                                                                                                                                                                                                                MD5 hash:A02BD3671B7DAB9F036B13C8B0339714
                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                Reputation:low
                                                                                                                                                                                                                                                Has exited:false

                                                                                                                                                                                                                                                  Execution Graph

                                                                                                                                                                                                                                                  Execution Coverage:9.5%
                                                                                                                                                                                                                                                  Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                                  Signature Coverage:13%
                                                                                                                                                                                                                                                  Total number of Nodes:2000
                                                                                                                                                                                                                                                  Total number of Limit Nodes:23
7ff682e83a40 __std_exception_destroy 15227->15232 15229 7ff682e83a80 15387 7ff682e81cb0 15229->15387 15236 7ff682e88040 58 API calls 15232->15236 15232->15239 15233 7ff682e83b71 15246 7ff682e83b95 15233->15246 15406 7ff682e814f0 15233->15406 15234 7ff682e81cb0 121 API calls 15235 7ff682e83ab6 15234->15235 15237 7ff682e83aba 15235->15237 15238 7ff682e83af8 15235->15238 15236->15239 15454 7ff682e82b30 15237->15454 15238->15233 15476 7ff682e83fd0 15238->15476 15383 7ff682e88040 15239->15383 15241 7ff682e83bef 15413 7ff682e86de0 15241->15413 15243 7ff682e83bcc 15247 7ff682e83be2 SetDllDirectoryW 15243->15247 15248 7ff682e83bd1 15243->15248 15246->15241 15246->15285 15499 7ff682e88ae0 15246->15499 15247->15241 15251 7ff682e82b30 59 API calls 15248->15251 15251->15285 15254 7ff682e83b16 15257 7ff682e82b30 59 API calls 15254->15257 15255 7ff682e83c09 15281 7ff682e83c3b 15255->15281 15522 7ff682e865f0 15255->15522 15257->15285 15258 7ff682e83d06 15417 7ff682e834c0 15258->15417 15259 7ff682e83b44 15259->15233 15260 7ff682e83b49 15259->15260 15495 7ff682e9018c 15260->15495 15266 7ff682e83c5a 15274 7ff682e83ca5 15266->15274 15564 7ff682e81ef0 15266->15564 15267 7ff682e83c3d 15558 7ff682e86840 15267->15558 15273 7ff682e83d2e 15276 7ff682e87b60 61 API calls 15273->15276 15274->15285 15568 7ff682e83460 15274->15568 15275 7ff682e83c2c 15552 7ff682e86c30 15275->15552 15279 7ff682e83d3a 15276->15279 15431 7ff682e88080 15279->15431 15280 7ff682e83ce1 15283 7ff682e86840 FreeLibrary 15280->15283 15281->15258 15281->15266 15283->15285 15467 7ff682e8bcc0 15285->15467 15290 7ff682e9a0d3 15289->15290 15291 7ff682e9a0f4 15289->15291 15290->15193 18218 7ff682e9a968 15291->18218 15294 7ff682e8c70c GetModuleHandleW 15295 7ff682e8c71d 15294->15295 15295->15201 15298 7ff682e8c3f1 15296->15298 15297 7ff682e8c1a0 15297->15191 15298->15297 15299 7ff682e8d998 __scrt_initialize_crt 7 API calls 15298->15299 15299->15297 15301 7ff682e8c5a2 _wfindfirst32i64 memcpy_s 15300->15301 15302 7ff682e8c5c1 
RtlCaptureContext RtlLookupFunctionEntry 15301->15302 15303 7ff682e8c626 memcpy_s 15302->15303 15304 7ff682e8c5ea RtlVirtualUnwind 15302->15304 15305 7ff682e8c658 IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 15303->15305 15304->15303 15306 7ff682e8c6aa _wfindfirst32i64 15305->15306 15306->15189 15308 7ff682e8c26e __scrt_dllmain_crt_thread_attach 15307->15308 15308->15207 15308->15209 15310 7ff682e8d9a0 15309->15310 15311 7ff682e8d9aa 15309->15311 15315 7ff682e8dd14 15310->15315 15311->15209 15316 7ff682e8d9a5 15315->15316 15317 7ff682e8dd23 15315->15317 15319 7ff682e8dd80 15316->15319 15323 7ff682e8df50 15317->15323 15320 7ff682e8ddab 15319->15320 15321 7ff682e8dd8e DeleteCriticalSection 15320->15321 15322 7ff682e8ddaf 15320->15322 15321->15320 15322->15311 15327 7ff682e8ddb8 15323->15327 15328 7ff682e8ded2 TlsFree 15327->15328 15334 7ff682e8ddfc __vcrt_InitializeCriticalSectionEx 15327->15334 15329 7ff682e8de2a LoadLibraryExW 15331 7ff682e8dea1 15329->15331 15332 7ff682e8de4b GetLastError 15329->15332 15330 7ff682e8dec1 GetProcAddress 15330->15328 15331->15330 15333 7ff682e8deb8 FreeLibrary 15331->15333 15332->15334 15333->15330 15334->15328 15334->15329 15334->15330 15335 7ff682e8de6d LoadLibraryExW 15334->15335 15335->15331 15335->15334 15337 7ff682e8c6df GetStartupInfoW 15336->15337 15337->15195 15340 7ff682e886cf 15338->15340 15339 7ff682e88720 WideCharToMultiByte 15339->15340 15341 7ff682e887c6 15339->15341 15340->15339 15340->15341 15342 7ff682e88774 WideCharToMultiByte 15340->15342 15344 7ff682e886d7 __std_exception_destroy 15340->15344 15616 7ff682e829e0 15341->15616 15342->15340 15342->15341 15344->15216 15348 7ff682ea0050 15345->15348 15346 7ff682ea00a3 15347 7ff682e9add8 _invalid_parameter_noinfo 37 API calls 15346->15347 15351 7ff682ea00cc 15347->15351 15348->15346 15349 7ff682ea00f6 15348->15349 16121 7ff682e9ff28 15349->16121 15351->15218 15353 7ff682e81ec5 15352->15353 15354 7ff682e81ee0 15353->15354 16129 7ff682e82890 
15353->16129 15354->15285 15356 7ff682e83ec0 15354->15356 15357 7ff682e8bc60 15356->15357 15358 7ff682e83ecc GetModuleFileNameW 15357->15358 15359 7ff682e83efb 15358->15359 15360 7ff682e83f12 15358->15360 15361 7ff682e829e0 57 API calls 15359->15361 16169 7ff682e88bf0 15360->16169 15363 7ff682e83f0e 15361->15363 15365 7ff682e8bcc0 _wfindfirst32i64 8 API calls 15363->15365 15367 7ff682e83f4f 15365->15367 15366 7ff682e82b30 59 API calls 15366->15363 15367->15224 15369 7ff682e87b6a 15368->15369 15370 7ff682e88ae0 57 API calls 15369->15370 15371 7ff682e87b8c GetEnvironmentVariableW 15370->15371 15372 7ff682e87bf6 15371->15372 15373 7ff682e87ba4 ExpandEnvironmentStringsW 15371->15373 15375 7ff682e8bcc0 _wfindfirst32i64 8 API calls 15372->15375 15374 7ff682e88bf0 59 API calls 15373->15374 15376 7ff682e87bcc 15374->15376 15377 7ff682e87c08 15375->15377 15376->15372 15378 7ff682e87bd6 15376->15378 15377->15226 16180 7ff682e9a99c 15378->16180 15381 7ff682e8bcc0 _wfindfirst32i64 8 API calls 15382 7ff682e87bee 15381->15382 15382->15226 15384 7ff682e88ae0 57 API calls 15383->15384 15385 7ff682e88057 SetEnvironmentVariableW 15384->15385 15386 7ff682e8806f __std_exception_destroy 15385->15386 15386->15229 15388 7ff682e81cbe 15387->15388 15389 7ff682e81ef0 49 API calls 15388->15389 15390 7ff682e81cf4 15389->15390 15391 7ff682e81ef0 49 API calls 15390->15391 15401 7ff682e81dde 15390->15401 15392 7ff682e81d1a 15391->15392 15392->15401 16187 7ff682e81aa0 15392->16187 15393 7ff682e8bcc0 _wfindfirst32i64 8 API calls 15394 7ff682e81e6c 15393->15394 15394->15233 15394->15234 15398 7ff682e81dcc 15399 7ff682e83e40 49 API calls 15398->15399 15399->15401 15400 7ff682e81d8f 15400->15398 15402 7ff682e81e34 15400->15402 15401->15393 15403 7ff682e83e40 49 API calls 15402->15403 15404 7ff682e81e41 15403->15404 16223 7ff682e84050 15404->16223 15407 7ff682e81506 15406->15407 15410 7ff682e8157f 15406->15410 16265 7ff682e87950 15407->16265 15410->15246 15411 7ff682e82b30 59 API calls 15412 
7ff682e81564 15411->15412 15412->15246 15414 7ff682e86df5 15413->15414 15415 7ff682e83bf4 15414->15415 15416 7ff682e82890 59 API calls 15414->15416 15415->15281 15513 7ff682e86a90 15415->15513 15416->15415 15418 7ff682e83574 15417->15418 15421 7ff682e83533 15417->15421 15419 7ff682e8bcc0 _wfindfirst32i64 8 API calls 15418->15419 15420 7ff682e835c5 15419->15420 15420->15285 15424 7ff682e87fd0 15420->15424 15421->15418 16807 7ff682e81710 15421->16807 16849 7ff682e82d70 15421->16849 15425 7ff682e88ae0 57 API calls 15424->15425 15426 7ff682e87fef 15425->15426 15427 7ff682e88ae0 57 API calls 15426->15427 15428 7ff682e87fff 15427->15428 15429 7ff682e97dec 38 API calls 15428->15429 15430 7ff682e8800d __std_exception_destroy 15429->15430 15430->15273 15432 7ff682e88090 15431->15432 15433 7ff682e88ae0 57 API calls 15432->15433 15434 7ff682e880c1 SetConsoleCtrlHandler GetStartupInfoW 15433->15434 15435 7ff682e88122 15434->15435 17338 7ff682e9aa14 15435->17338 15439 7ff682e88131 15440 7ff682e9aa14 _fread_nolock 37 API calls 15439->15440 15455 7ff682e82b50 15454->15455 15456 7ff682e94ac4 49 API calls 15455->15456 15457 7ff682e82b9b memcpy_s 15456->15457 15458 7ff682e88ae0 57 API calls 15457->15458 15459 7ff682e82bd0 15458->15459 15460 7ff682e82c0d MessageBoxA 15459->15460 15461 7ff682e82bd5 15459->15461 15463 7ff682e82c27 15460->15463 15462 7ff682e88ae0 57 API calls 15461->15462 15464 7ff682e82bef MessageBoxW 15462->15464 15465 7ff682e8bcc0 _wfindfirst32i64 8 API calls 15463->15465 15464->15463 15466 7ff682e82c37 15465->15466 15466->15285 15468 7ff682e8bcc9 15467->15468 15469 7ff682e83ae6 15468->15469 15470 7ff682e8bd20 IsProcessorFeaturePresent 15468->15470 15469->15294 15471 7ff682e8bd38 15470->15471 17356 7ff682e8bf14 RtlCaptureContext 15471->17356 15477 7ff682e83fdc 15476->15477 15478 7ff682e88ae0 57 API calls 15477->15478 15479 7ff682e84007 15478->15479 15480 7ff682e88ae0 57 API calls 15479->15480 15481 7ff682e8401a 15480->15481 17361 7ff682e964a8 15481->17361 15484 
7ff682e8bcc0 _wfindfirst32i64 8 API calls 15485 7ff682e83b0e 15484->15485 15485->15254 15486 7ff682e882b0 15485->15486 15487 7ff682e882d4 15486->15487 15488 7ff682e90814 73 API calls 15487->15488 15493 7ff682e883ab __std_exception_destroy 15487->15493 15489 7ff682e882ee 15488->15489 15489->15493 17740 7ff682e99070 15489->17740 15491 7ff682e90814 73 API calls 15494 7ff682e88303 15491->15494 15492 7ff682e904dc _fread_nolock 53 API calls 15492->15494 15493->15259 15494->15491 15494->15492 15494->15493 15496 7ff682e901bc 15495->15496 17755 7ff682e8ff68 15496->17755 15498 7ff682e901d5 15498->15254 15500 7ff682e88b01 MultiByteToWideChar 15499->15500 15501 7ff682e88b87 MultiByteToWideChar 15499->15501 15504 7ff682e88b27 15500->15504 15505 7ff682e88b4c 15500->15505 15502 7ff682e88bcf 15501->15502 15503 7ff682e88baa 15501->15503 15502->15243 15506 7ff682e829e0 55 API calls 15503->15506 15507 7ff682e829e0 55 API calls 15504->15507 15505->15501 15510 7ff682e88b62 15505->15510 15509 7ff682e88bbd 15506->15509 15508 7ff682e88b3a 15507->15508 15508->15243 15509->15243 15511 7ff682e829e0 55 API calls 15510->15511 15512 7ff682e88b75 15511->15512 15512->15243 15514 7ff682e86aca 15513->15514 15515 7ff682e86ab3 15513->15515 15514->15255 15515->15514 17766 7ff682e815a0 15515->17766 15517 7ff682e86ad4 15517->15514 15518 7ff682e84050 49 API calls 15517->15518 15519 7ff682e86b35 15518->15519 15520 7ff682e82b30 59 API calls 15519->15520 15521 7ff682e86ba5 memcpy_s __std_exception_destroy 15519->15521 15520->15514 15521->15255 15535 7ff682e8660a memcpy_s 15522->15535 15524 7ff682e8672f 15525 7ff682e84050 49 API calls 15524->15525 15527 7ff682e867a8 15525->15527 15526 7ff682e8674b 15528 7ff682e82b30 59 API calls 15526->15528 15531 7ff682e84050 49 API calls 15527->15531 15534 7ff682e86741 __std_exception_destroy 15528->15534 15529 7ff682e84050 49 API calls 15529->15535 15530 7ff682e86710 15530->15524 15532 7ff682e84050 49 API calls 15530->15532 15533 7ff682e867d8 15531->15533 15532->15524 
15538 7ff682e84050 49 API calls 15533->15538 15536 7ff682e8bcc0 _wfindfirst32i64 8 API calls 15534->15536 15535->15524 15535->15526 15535->15529 15535->15530 15535->15535 15539 7ff682e81710 144 API calls 15535->15539 15540 7ff682e86731 15535->15540 17790 7ff682e81950 15535->17790 15537 7ff682e83c1a 15536->15537 15537->15267 15542 7ff682e86570 15537->15542 15538->15534 15539->15535 15541 7ff682e82b30 59 API calls 15540->15541 15541->15534 17794 7ff682e88260 15542->17794 15544 7ff682e8658c 15545 7ff682e88260 58 API calls 15544->15545 15546 7ff682e8659f 15545->15546 15547 7ff682e865d5 15546->15547 15549 7ff682e865b7 15546->15549 15548 7ff682e82b30 59 API calls 15547->15548 15550 7ff682e83c28 15548->15550 17798 7ff682e86ef0 GetProcAddress 15549->17798 15550->15267 15550->15275 15553 7ff682e86c54 15552->15553 15554 7ff682e82b30 59 API calls 15553->15554 15557 7ff682e86cca 15553->15557 15555 7ff682e86cae 15554->15555 15556 7ff682e86840 FreeLibrary 15555->15556 15556->15557 15557->15281 15562 7ff682e8687d 15558->15562 15563 7ff682e86852 15558->15563 15559 7ff682e8693b 15559->15562 17858 7ff682e88240 FreeLibrary 15559->17858 15562->15281 15563->15559 15563->15562 17857 7ff682e88240 FreeLibrary 15563->17857 15565 7ff682e81f15 15564->15565 15566 7ff682e94ac4 49 API calls 15565->15566 15567 7ff682e81f38 15566->15567 15567->15274 17859 7ff682e85bc0 15568->17859 15571 7ff682e834ad 15571->15280 15573 7ff682e83484 15573->15571 17928 7ff682e85920 15573->17928 15575 7ff682e83490 15575->15571 17937 7ff682e85a90 15575->17937 15635 7ff682e8bc60 15616->15635 15619 7ff682e82a29 15637 7ff682e94ac4 15619->15637 15624 7ff682e81ef0 49 API calls 15625 7ff682e82a86 memcpy_s 15624->15625 15626 7ff682e88ae0 54 API calls 15625->15626 15627 7ff682e82abb 15626->15627 15628 7ff682e82af8 MessageBoxA 15627->15628 15629 7ff682e82ac0 15627->15629 15631 7ff682e82b12 15628->15631 15630 7ff682e88ae0 54 API calls 15629->15630 15632 7ff682e82ada MessageBoxW 15630->15632 15633 7ff682e8bcc0 _wfindfirst32i64 8 
API calls 15631->15633 15632->15631 15634 7ff682e82b22 15633->15634 15634->15344 15636 7ff682e829fc GetLastError 15635->15636 15636->15619 15639 7ff682e94b1e 15637->15639 15638 7ff682e94b43 15667 7ff682e9add8 15638->15667 15639->15638 15641 7ff682e94b7f 15639->15641 15675 7ff682e92d50 15641->15675 15643 7ff682e94b6d 15645 7ff682e8bcc0 _wfindfirst32i64 8 API calls 15643->15645 15644 7ff682e9af0c Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 15644->15643 15646 7ff682e82a57 15645->15646 15655 7ff682e88560 15646->15655 15648 7ff682e94c28 15649 7ff682e94c5c 15648->15649 15651 7ff682e94c31 15648->15651 15649->15644 15650 7ff682e94c80 15650->15649 15653 7ff682e94c8a 15650->15653 15689 7ff682e9af0c 15651->15689 15654 7ff682e9af0c Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 15653->15654 15654->15643 15656 7ff682e8856c 15655->15656 15657 7ff682e88587 GetLastError 15656->15657 15658 7ff682e8858d FormatMessageW 15656->15658 15657->15658 15659 7ff682e885c0 15658->15659 15660 7ff682e885dc WideCharToMultiByte 15658->15660 15661 7ff682e829e0 54 API calls 15659->15661 15662 7ff682e885d3 15660->15662 15663 7ff682e88616 15660->15663 15661->15662 15665 7ff682e8bcc0 _wfindfirst32i64 8 API calls 15662->15665 15664 7ff682e829e0 54 API calls 15663->15664 15664->15662 15666 7ff682e82a5e 15665->15666 15666->15624 15695 7ff682e9ab20 15667->15695 15671 7ff682e9ae13 15671->15643 15676 7ff682e92d8e 15675->15676 15677 7ff682e92d7e 15675->15677 15678 7ff682e92dc5 15676->15678 15679 7ff682e92d97 15676->15679 15680 7ff682e9add8 _invalid_parameter_noinfo 37 API calls 15677->15680 15678->15677 15682 7ff682e92dbd 15678->15682 15685 7ff682e93074 15678->15685 15787 7ff682e936e0 15678->15787 15813 7ff682e933a8 15678->15813 15843 7ff682e92c30 15678->15843 15846 7ff682e94900 15678->15846 15681 7ff682e9add8 _invalid_parameter_noinfo 37 API calls 15679->15681 15680->15682 15681->15682 15682->15648 15682->15649 15682->15650 15682->15651 15687 7ff682e9add8 
_invalid_parameter_noinfo 37 API calls 15685->15687 15687->15677 15690 7ff682e9af11 RtlFreeHeap 15689->15690 15691 7ff682e9af40 15689->15691 15690->15691 15692 7ff682e9af2c GetLastError 15690->15692 15691->15643 15693 7ff682e9af39 Concurrency::details::SchedulerProxy::DeleteThis 15692->15693 15694 7ff682e954c4 _get_daylight 9 API calls 15693->15694 15694->15691 15696 7ff682e9ab77 15695->15696 15697 7ff682e9ab3c GetLastError 15695->15697 15696->15671 15701 7ff682e9ab8c 15696->15701 15698 7ff682e9ab4c 15697->15698 15708 7ff682e9b950 15698->15708 15702 7ff682e9abc0 15701->15702 15703 7ff682e9aba8 GetLastError SetLastError 15701->15703 15702->15671 15704 7ff682e9aec4 IsProcessorFeaturePresent 15702->15704 15703->15702 15705 7ff682e9aed7 15704->15705 15779 7ff682e9abd8 15705->15779 15709 7ff682e9b96f FlsGetValue 15708->15709 15710 7ff682e9b98a FlsSetValue 15708->15710 15711 7ff682e9b984 15709->15711 15712 7ff682e9ab67 SetLastError 15709->15712 15710->15712 15713 7ff682e9b997 15710->15713 15711->15710 15712->15696 15725 7ff682e9f158 15713->15725 15716 7ff682e9b9c4 FlsSetValue 15719 7ff682e9b9d0 FlsSetValue 15716->15719 15720 7ff682e9b9e2 15716->15720 15717 7ff682e9b9b4 FlsSetValue 15718 7ff682e9b9bd 15717->15718 15721 7ff682e9af0c Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 15718->15721 15719->15718 15732 7ff682e9b4b8 15720->15732 15721->15712 15726 7ff682e9f169 _get_daylight 15725->15726 15727 7ff682e9f1ba 15726->15727 15728 7ff682e9f19e HeapAlloc 15726->15728 15737 7ff682ea3c00 15726->15737 15740 7ff682e954c4 15727->15740 15728->15726 15730 7ff682e9b9a6 15728->15730 15730->15716 15730->15717 15765 7ff682e9b390 15732->15765 15743 7ff682ea3c40 15737->15743 15748 7ff682e9b888 GetLastError 15740->15748 15742 7ff682e954cd 15742->15730 15744 7ff682ea0cb8 _isindst EnterCriticalSection 15743->15744 15745 7ff682ea3c4d 15744->15745 15746 7ff682ea0d18 _isindst LeaveCriticalSection 15745->15746 15747 7ff682ea3c12 15746->15747 15747->15726 15749 7ff682e9b8c9 
FlsSetValue 15748->15749 15754 7ff682e9b8ac 15748->15754 15750 7ff682e9b8b9 15749->15750 15751 7ff682e9b8db 15749->15751 15752 7ff682e9b935 SetLastError 15750->15752 15753 7ff682e9f158 _get_daylight 5 API calls 15751->15753 15752->15742 15755 7ff682e9b8ea 15753->15755 15754->15749 15754->15750 15756 7ff682e9b908 FlsSetValue 15755->15756 15757 7ff682e9b8f8 FlsSetValue 15755->15757 15758 7ff682e9b914 FlsSetValue 15756->15758 15759 7ff682e9b926 15756->15759 15760 7ff682e9b901 15757->15760 15758->15760 15761 7ff682e9b4b8 _get_daylight 5 API calls 15759->15761 15762 7ff682e9af0c Concurrency::details::SchedulerProxy::DeleteThis 5 API calls 15760->15762 15763 7ff682e9b92e 15761->15763 15762->15750 15764 7ff682e9af0c Concurrency::details::SchedulerProxy::DeleteThis 5 API calls 15763->15764 15764->15752 15777 7ff682ea0cb8 EnterCriticalSection 15765->15777 15780 7ff682e9ac12 _wfindfirst32i64 memcpy_s 15779->15780 15781 7ff682e9ac3a RtlCaptureContext RtlLookupFunctionEntry 15780->15781 15782 7ff682e9ac74 RtlVirtualUnwind 15781->15782 15783 7ff682e9acaa IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 15781->15783 15782->15783 15784 7ff682e9acfc _wfindfirst32i64 15783->15784 15785 7ff682e8bcc0 _wfindfirst32i64 8 API calls 15784->15785 15786 7ff682e9ad1b GetCurrentProcess TerminateProcess 15785->15786 15788 7ff682e93722 15787->15788 15789 7ff682e93795 15787->15789 15792 7ff682e937bf 15788->15792 15793 7ff682e93728 15788->15793 15790 7ff682e937ef 15789->15790 15791 7ff682e9379a 15789->15791 15790->15792 15803 7ff682e937fe 15790->15803 15811 7ff682e93758 15790->15811 15794 7ff682e937cf 15791->15794 15795 7ff682e9379c 15791->15795 15870 7ff682e91c90 15792->15870 15800 7ff682e9372d 15793->15800 15793->15803 15877 7ff682e91880 15794->15877 15796 7ff682e9373d 15795->15796 15802 7ff682e937ab 15795->15802 15812 7ff682e9382d 15796->15812 15852 7ff682e94044 15796->15852 15800->15796 15801 7ff682e93770 15800->15801 15800->15811 15801->15812 15862 7ff682e94500 
15801->15862 15802->15792 15805 7ff682e937b0 15802->15805 15803->15812 15884 7ff682e920a0 15803->15884 15805->15812 15866 7ff682e94698 15805->15866 15807 7ff682e8bcc0 _wfindfirst32i64 8 API calls 15809 7ff682e93ac3 15807->15809 15809->15678 15811->15812 15891 7ff682e9ee18 15811->15891 15812->15807 15814 7ff682e933b3 15813->15814 15815 7ff682e933c9 15813->15815 15816 7ff682e93407 15814->15816 15817 7ff682e93722 15814->15817 15818 7ff682e93795 15814->15818 15815->15816 15819 7ff682e9add8 _invalid_parameter_noinfo 37 API calls 15815->15819 15816->15678 15821 7ff682e937bf 15817->15821 15822 7ff682e93728 15817->15822 15820 7ff682e9379a 15818->15820 15825 7ff682e937ef 15818->15825 15819->15816 15823 7ff682e937cf 15820->15823 15824 7ff682e9379c 15820->15824 15827 7ff682e91c90 38 API calls 15821->15827 15830 7ff682e937fe 15822->15830 15831 7ff682e9372d 15822->15831 15828 7ff682e91880 38 API calls 15823->15828 15826 7ff682e9373d 15824->15826 15832 7ff682e937ab 15824->15832 15825->15821 15825->15830 15841 7ff682e93758 15825->15841 15829 7ff682e94044 47 API calls 15826->15829 15842 7ff682e9382d 15826->15842 15827->15841 15828->15841 15829->15841 15834 7ff682e920a0 38 API calls 15830->15834 15830->15842 15831->15826 15833 7ff682e93770 15831->15833 15831->15841 15832->15821 15835 7ff682e937b0 15832->15835 15836 7ff682e94500 47 API calls 15833->15836 15833->15842 15834->15841 15838 7ff682e94698 37 API calls 15835->15838 15835->15842 15836->15841 15837 7ff682e8bcc0 _wfindfirst32i64 8 API calls 15839 7ff682e93ac3 15837->15839 15838->15841 15839->15678 15840 7ff682e9ee18 47 API calls 15840->15841 15841->15840 15841->15842 15842->15837 16049 7ff682e90e54 15843->16049 15847 7ff682e94917 15846->15847 16066 7ff682e9df78 15847->16066 15853 7ff682e94066 15852->15853 15901 7ff682e90cc0 15853->15901 15857 7ff682e941a3 15860 7ff682e9422c 15857->15860 15861 7ff682e94900 45 API calls 15857->15861 15859 7ff682e94900 45 API calls 15859->15857 15860->15811 15861->15860 15863 7ff682e94580 
15862->15863 15864 7ff682e94518 15862->15864 15863->15811 15864->15863 15865 7ff682e9ee18 47 API calls 15864->15865 15865->15863 15869 7ff682e946b9 15866->15869 15867 7ff682e9add8 _invalid_parameter_noinfo 37 API calls 15868 7ff682e946ea 15867->15868 15868->15811 15869->15867 15869->15868 15871 7ff682e91cc3 15870->15871 15872 7ff682e91cf2 15871->15872 15874 7ff682e91daf 15871->15874 15873 7ff682e90cc0 12 API calls 15872->15873 15876 7ff682e91d2f 15872->15876 15873->15876 15875 7ff682e9add8 _invalid_parameter_noinfo 37 API calls 15874->15875 15875->15876 15876->15811 15878 7ff682e918b3 15877->15878 15879 7ff682e918e2 15878->15879 15881 7ff682e9199f 15878->15881 15880 7ff682e90cc0 12 API calls 15879->15880 15883 7ff682e9191f 15879->15883 15880->15883 15882 7ff682e9add8 _invalid_parameter_noinfo 37 API calls 15881->15882 15882->15883 15883->15811 15885 7ff682e920d3 15884->15885 15886 7ff682e92102 15885->15886 15889 7ff682e921bf 15885->15889 15887 7ff682e9213f 15886->15887 15888 7ff682e90cc0 12 API calls 15886->15888 15887->15811 15888->15887 15890 7ff682e9add8 _invalid_parameter_noinfo 37 API calls 15889->15890 15890->15887 15892 7ff682e9ee40 15891->15892 15893 7ff682e9ee85 15892->15893 15894 7ff682e94900 45 API calls 15892->15894 15896 7ff682e9ee6e memcpy_s 15892->15896 15898 7ff682e9ee45 memcpy_s 15892->15898 15893->15896 15893->15898 16046 7ff682ea04c8 15893->16046 15894->15893 15895 7ff682e9add8 _invalid_parameter_noinfo 37 API calls 15895->15898 15896->15895 15896->15898 15898->15811 15902 7ff682e90ce6 15901->15902 15903 7ff682e90cf7 15901->15903 15909 7ff682e9eb30 15902->15909 15903->15902 15931 7ff682e9dbbc 15903->15931 15906 7ff682e90d38 15908 7ff682e9af0c Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 15906->15908 15907 7ff682e9af0c Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 15907->15906 15908->15902 15910 7ff682e9eb80 15909->15910 15911 7ff682e9eb4d 15909->15911 15910->15911 15913 7ff682e9ebb2 15910->15913 15912 7ff682e9add8 
_invalid_parameter_noinfo 37 API calls 15911->15912 15921 7ff682e94181 15912->15921 15917 7ff682e9ecc5 15913->15917 15926 7ff682e9ebfa 15913->15926 15914 7ff682e9edb7 15971 7ff682e9e01c 15914->15971 15916 7ff682e9ed7d 15964 7ff682e9e3b4 15916->15964 15917->15914 15917->15916 15918 7ff682e9ed4c 15917->15918 15920 7ff682e9ed0f 15917->15920 15923 7ff682e9ed05 15917->15923 15957 7ff682e9e694 15918->15957 15947 7ff682e9e8c4 15920->15947 15921->15857 15921->15859 15923->15916 15925 7ff682e9ed0a 15923->15925 15925->15918 15925->15920 15926->15921 15938 7ff682e9aa3c 15926->15938 15929 7ff682e9aec4 _wfindfirst32i64 17 API calls 15930 7ff682e9ee14 15929->15930 15932 7ff682e9dc07 15931->15932 15936 7ff682e9dbcb _get_daylight 15931->15936 15934 7ff682e954c4 _get_daylight 11 API calls 15932->15934 15933 7ff682e9dbee HeapAlloc 15935 7ff682e90d24 15933->15935 15933->15936 15934->15935 15935->15906 15935->15907 15936->15932 15936->15933 15937 7ff682ea3c00 _get_daylight 2 API calls 15936->15937 15937->15936 15939 7ff682e9aa53 15938->15939 15940 7ff682e9aa49 15938->15940 15941 7ff682e954c4 _get_daylight 11 API calls 15939->15941 15940->15939 15945 7ff682e9aa6e 15940->15945 15942 7ff682e9aa5a 15941->15942 15980 7ff682e9aea4 15942->15980 15944 7ff682e9aa66 15944->15921 15944->15929 15945->15944 15946 7ff682e954c4 _get_daylight 11 API calls 15945->15946 15946->15942 15982 7ff682ea471c 15947->15982 15951 7ff682e9e96c 15952 7ff682e9e970 15951->15952 15953 7ff682e9e9c1 15951->15953 15955 7ff682e9e98c 15951->15955 15952->15921 16035 7ff682e9e4b0 15953->16035 16031 7ff682e9e76c 15955->16031 15958 7ff682ea471c 38 API calls 15957->15958 15959 7ff682e9e6de 15958->15959 15960 7ff682ea4164 37 API calls 15959->15960 15962 7ff682e9e72e 15960->15962 15961 7ff682e9e732 15961->15921 15962->15961 15963 7ff682e9e76c 45 API calls 15962->15963 15963->15961 15965 7ff682ea471c 38 API calls 15964->15965 15966 7ff682e9e3ff 15965->15966 15967 7ff682ea4164 37 API calls 15966->15967 15968 7ff682e9e457 
15967->15968 15969 7ff682e9e45b 15968->15969 15970 7ff682e9e4b0 45 API calls 15968->15970 15969->15921 15970->15969 15972 7ff682e9e061 15971->15972 15973 7ff682e9e094 15971->15973 15974 7ff682e9add8 _invalid_parameter_noinfo 37 API calls 15972->15974 15975 7ff682e9e0ac 15973->15975 15977 7ff682e9e12d 15973->15977 15979 7ff682e9e08d memcpy_s 15974->15979 15976 7ff682e9e3b4 46 API calls 15975->15976 15976->15979 15978 7ff682e94900 45 API calls 15977->15978 15977->15979 15978->15979 15979->15921 15981 7ff682e9ad3c _invalid_parameter_noinfo 37 API calls 15980->15981 15983 7ff682ea476f fegetenv 15982->15983 15984 7ff682ea867c 37 API calls 15983->15984 15989 7ff682ea47c2 15984->15989 15985 7ff682ea47ef 15988 7ff682e9aa3c __std_exception_copy 37 API calls 15985->15988 15986 7ff682ea48b2 15987 7ff682ea867c 37 API calls 15986->15987 15990 7ff682ea48dc 15987->15990 15991 7ff682ea486d 15988->15991 15989->15986 15992 7ff682ea47dd 15989->15992 15993 7ff682ea488c 15989->15993 15994 7ff682ea867c 37 API calls 15990->15994 15995 7ff682ea5994 15991->15995 16001 7ff682ea4875 15991->16001 15992->15985 15992->15986 15996 7ff682e9aa3c __std_exception_copy 37 API calls 15993->15996 15997 7ff682ea48ed 15994->15997 15999 7ff682e9aec4 _wfindfirst32i64 17 API calls 15995->15999 15996->15991 15998 7ff682ea8870 20 API calls 15997->15998 16009 7ff682ea4956 memcpy_s 15998->16009 16000 7ff682ea59a9 15999->16000 16002 7ff682e8bcc0 _wfindfirst32i64 8 API calls 16001->16002 16003 7ff682e9e911 16002->16003 16027 7ff682ea4164 16003->16027 16004 7ff682ea4cff memcpy_s 16005 7ff682ea503f 16006 7ff682ea4280 37 API calls 16005->16006 16013 7ff682ea5757 16006->16013 16007 7ff682ea4feb 16007->16005 16010 7ff682ea59ac memcpy_s 37 API calls 16007->16010 16008 7ff682ea4997 memcpy_s 16023 7ff682ea4df3 memcpy_s 16008->16023 16026 7ff682ea52db memcpy_s 16008->16026 16009->16004 16009->16008 16011 7ff682e954c4 _get_daylight 11 API calls 16009->16011 16010->16005 16012 7ff682ea4dd0 16011->16012 16014 7ff682e9aea4 
_invalid_parameter_noinfo 37 API calls 16012->16014 16016 7ff682ea59ac memcpy_s 37 API calls 16013->16016 16020 7ff682ea57b2 16013->16020 16014->16008 16015 7ff682ea5938 16018 7ff682ea867c 37 API calls 16015->16018 16016->16020 16017 7ff682e954c4 11 API calls _get_daylight 16017->16023 16018->16001 16019 7ff682e954c4 11 API calls _get_daylight 16019->16026 16020->16015 16021 7ff682ea4280 37 API calls 16020->16021 16025 7ff682ea59ac memcpy_s 37 API calls 16020->16025 16021->16020 16022 7ff682e9aea4 37 API calls _invalid_parameter_noinfo 16022->16026 16023->16007 16023->16017 16024 7ff682e9aea4 37 API calls _invalid_parameter_noinfo 16023->16024 16024->16023 16025->16020 16026->16005 16026->16007 16026->16019 16026->16022 16028 7ff682ea4183 16027->16028 16029 7ff682e9add8 _invalid_parameter_noinfo 37 API calls 16028->16029 16030 7ff682ea41ae memcpy_s 16028->16030 16029->16030 16030->15951 16032 7ff682e9e798 memcpy_s 16031->16032 16033 7ff682e94900 45 API calls 16032->16033 16034 7ff682e9e852 memcpy_s 16032->16034 16033->16034 16034->15952 16036 7ff682e9e4eb 16035->16036 16041 7ff682e9e538 memcpy_s 16035->16041 16037 7ff682e9add8 _invalid_parameter_noinfo 37 API calls 16036->16037 16038 7ff682e9e517 16037->16038 16038->15952 16039 7ff682e9e5a3 16040 7ff682e9aa3c __std_exception_copy 37 API calls 16039->16040 16042 7ff682e9e5e5 memcpy_s 16040->16042 16041->16039 16043 7ff682e94900 45 API calls 16041->16043 16044 7ff682e9aec4 _wfindfirst32i64 17 API calls 16042->16044 16043->16039 16045 7ff682e9e690 16044->16045 16048 7ff682ea04ec WideCharToMultiByte 16046->16048 16050 7ff682e90e81 16049->16050 16051 7ff682e90e93 16049->16051 16052 7ff682e954c4 _get_daylight 11 API calls 16050->16052 16054 7ff682e90ea0 16051->16054 16057 7ff682e90edd 16051->16057 16053 7ff682e90e86 16052->16053 16055 7ff682e9aea4 _invalid_parameter_noinfo 37 API calls 16053->16055 16056 7ff682e9add8 _invalid_parameter_noinfo 37 API calls 16054->16056 16063 7ff682e90e91 16055->16063 16056->16063 16058 
17796->17797 17797->15544 17799 7ff682e86f3c GetProcAddress 17798->17799 17800 7ff682e86f19 17798->17800 17799->17800 17801 7ff682e86f61 GetProcAddress 17799->17801 17803 7ff682e829e0 57 API calls 17800->17803 17801->17800 17802 7ff682e86f86 GetProcAddress 17801->17802 17802->17800 17804 7ff682e86fae GetProcAddress 17802->17804 17805 7ff682e86f2c 17803->17805 17804->17800 17806 7ff682e86fd6 GetProcAddress 17804->17806 17805->15550 17806->17800 17807 7ff682e86ffe GetProcAddress 17806->17807 17808 7ff682e8701a 17807->17808 17809 7ff682e87026 GetProcAddress 17807->17809 17808->17809 17810 7ff682e87042 17809->17810 17811 7ff682e8704e GetProcAddress 17809->17811 17810->17811 17812 7ff682e8706a 17811->17812 17813 7ff682e87076 GetProcAddress 17811->17813 17812->17813 17857->15559 17858->15562 17860 7ff682e85bd0 17859->17860 17861 7ff682e81ef0 49 API calls 17860->17861 17862 7ff682e85c02 17861->17862 17863 7ff682e85c2b 17862->17863 17864 7ff682e85c0b 17862->17864 17866 7ff682e85c82 17863->17866 17868 7ff682e84050 49 API calls 17863->17868 17865 7ff682e82b30 59 API calls 17864->17865 17886 7ff682e85c21 17865->17886 17867 7ff682e84050 49 API calls 17866->17867 17870 7ff682e85c9b 17867->17870 17869 7ff682e85c4c 17868->17869 17871 7ff682e85c6a 17869->17871 17874 7ff682e82b30 59 API calls 17869->17874 17873 7ff682e85cb9 17870->17873 17877 7ff682e82b30 59 API calls 17870->17877 17875 7ff682e83f60 57 API calls 17871->17875 17872 7ff682e8bcc0 _wfindfirst32i64 8 API calls 17876 7ff682e8346e 17872->17876 17878 7ff682e88260 58 API calls 17873->17878 17874->17871 17882 7ff682e85c74 17875->17882 17876->15571 17887 7ff682e85d20 17876->17887 17877->17873 17879 7ff682e85cc6 17878->17879 17880 7ff682e85ced 17879->17880 17881 7ff682e85ccb 17879->17881 17957 7ff682e851e0 GetProcAddress 17880->17957 17883 7ff682e829e0 57 API calls 17881->17883 17882->17866 17885 7ff682e88260 58 API calls 17882->17885 17883->17886 17885->17866 17886->17872 18041 7ff682e84de0 17887->18041 17889 7ff682e85d44 
17890 7ff682e85d5d 17889->17890 17891 7ff682e85d4c 17889->17891 18048 7ff682e84530 17890->18048 17892 7ff682e82b30 59 API calls 17891->17892 17926 7ff682e85d58 17892->17926 17895 7ff682e85d7a 17898 7ff682e85d87 17895->17898 17900 7ff682e85d98 17895->17900 17896 7ff682e85d69 17897 7ff682e82b30 59 API calls 17896->17897 17897->17926 17899 7ff682e82b30 59 API calls 17898->17899 17899->17926 18052 7ff682e84870 17900->18052 17902 7ff682e85db3 17926->15573 17929 7ff682e85937 17928->17929 17929->17929 17930 7ff682e85960 17929->17930 17936 7ff682e85977 __std_exception_destroy 17929->17936 17931 7ff682e82b30 59 API calls 17930->17931 17932 7ff682e8596c 17931->17932 17932->15575 17933 7ff682e85a67 17933->15575 17934 7ff682e815a0 122 API calls 17934->17936 17935 7ff682e82b30 59 API calls 17935->17936 17936->17933 17936->17934 17936->17935 17938 7ff682e85ab5 17937->17938 17941 7ff682e85b7e 17937->17941 17938->17941 17958 7ff682e85202 17957->17958 17959 7ff682e85220 GetProcAddress 17957->17959 17962 7ff682e829e0 57 API calls 17958->17962 17959->17958 17960 7ff682e85245 GetProcAddress 17959->17960 17960->17958 17961 7ff682e8526a GetProcAddress 17960->17961 17961->17958 17964 7ff682e85292 GetProcAddress 17961->17964 17963 7ff682e85215 17962->17963 17963->17886 17964->17958 17965 7ff682e852ba GetProcAddress 17964->17965 17965->17958 17966 7ff682e852e2 GetProcAddress 17965->17966 17966->17958 17967 7ff682e8530a GetProcAddress 17966->17967 17968 7ff682e85326 17967->17968 17969 7ff682e85332 GetProcAddress 17967->17969 17968->17969 17970 7ff682e8535a GetProcAddress 17969->17970 17971 7ff682e8534e 17969->17971 17972 7ff682e85376 17970->17972 17973 7ff682e85382 GetProcAddress 17970->17973 17971->17970 17972->17973 17974 7ff682e853aa GetProcAddress 17973->17974 17975 7ff682e8539e 17973->17975 17975->17974 18043 7ff682e84e05 18041->18043 18042 7ff682e84e0d 18042->17889 18043->18042 18044 7ff682e84f9f 18043->18044 18083 7ff682e96fb8 18043->18083 18045 7ff682e8514a __std_exception_destroy 
18044->18045 18046 7ff682e84250 47 API calls 18044->18046 18045->17889 18046->18044 18049 7ff682e84560 18048->18049 18050 7ff682e8bcc0 _wfindfirst32i64 8 API calls 18049->18050 18051 7ff682e845c2 18050->18051 18051->17895 18051->17896 18053 7ff682e848e1 18052->18053 18056 7ff682e84884 18052->18056 18054 7ff682e843d0 57 API calls 18053->18054 18055 7ff682e848f1 18054->18055 18055->17902 18058 7ff682e848cc 18056->18058 18141 7ff682e843d0 18056->18141 18058->17902 18084 7ff682e96fe8 18083->18084 18087 7ff682e964b4 18084->18087 18086 7ff682e97018 18086->18043 18088 7ff682e964e5 18087->18088 18089 7ff682e964f7 18087->18089 18090 7ff682e954c4 _get_daylight 11 API calls 18088->18090 18091 7ff682e96541 18089->18091 18094 7ff682e96504 18089->18094 18093 7ff682e964ea 18090->18093 18092 7ff682e9655c 18091->18092 18096 7ff682e94900 45 API calls 18091->18096 18099 7ff682e9657e 18092->18099 18108 7ff682e96f40 18092->18108 18098 7ff682e9aea4 _invalid_parameter_noinfo 37 API calls 18093->18098 18095 7ff682e9add8 _invalid_parameter_noinfo 37 API calls 18094->18095 18103 7ff682e964f5 18095->18103 18096->18092 18098->18103 18100 7ff682e9661f 18099->18100 18101 7ff682e954c4 _get_daylight 11 API calls 18099->18101 18102 7ff682e954c4 _get_daylight 11 API calls 18100->18102 18100->18103 18104 7ff682e96614 18101->18104 18105 7ff682e966ca 18102->18105 18103->18086 18106 7ff682e9aea4 _invalid_parameter_noinfo 37 API calls 18104->18106 18107 7ff682e9aea4 _invalid_parameter_noinfo 37 API calls 18105->18107 18106->18100 18107->18103 18109 7ff682e96f63 18108->18109 18111 7ff682e96f7a 18108->18111 18114 7ff682ea0948 18109->18114 18112 7ff682e96f68 18111->18112 18119 7ff682ea0978 18111->18119 18112->18092 18115 7ff682e9b710 _CreateFrameInfo 45 API calls 18114->18115 18116 7ff682ea0951 18115->18116 18117 7ff682e9df44 45 API calls 18116->18117 18120 7ff682e94f98 45 API calls 18119->18120 18122 7ff682ea09b1 18120->18122 18121 7ff682ea09bd 18122->18121 18126 7ff682ea34b0 18122->18126 18219 
7ff682e9b710 _CreateFrameInfo 45 API calls 18218->18219 18221 7ff682e9a971 18219->18221 18220 7ff682e9aa9c _CreateFrameInfo 45 API calls 18222 7ff682e9a991 18220->18222 18221->18220 18711 7ff682ea84f0 18714 7ff682ea2c60 18711->18714 18715 7ff682ea2cb2 18714->18715 18716 7ff682ea2c6d 18714->18716 18720 7ff682e9b7e4 18716->18720 18721 7ff682e9b810 FlsSetValue 18720->18721 18722 7ff682e9b7f5 FlsGetValue 18720->18722 18723 7ff682e9b802 18721->18723 18724 7ff682e9b81d 18721->18724 18722->18723 18725 7ff682e9b80a 18722->18725 18726 7ff682e9b808 18723->18726 18727 7ff682e9aa9c _CreateFrameInfo 45 API calls 18723->18727 18728 7ff682e9f158 _get_daylight 11 API calls 18724->18728 18725->18721 18740 7ff682ea2934 18726->18740 18729 7ff682e9b885 18727->18729 18730 7ff682e9b82c 18728->18730 18731 7ff682e9b84a FlsSetValue 18730->18731 18732 7ff682e9b83a FlsSetValue 18730->18732 18734 7ff682e9b856 FlsSetValue 18731->18734 18735 7ff682e9b868 18731->18735 18733 7ff682e9b843 18732->18733 18736 7ff682e9af0c Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18733->18736 18734->18733 18737 7ff682e9b4b8 _get_daylight 11 API calls 18735->18737 18736->18723 18738 7ff682e9b870 18737->18738 18739 7ff682e9af0c Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18738->18739 18739->18726 18763 7ff682ea2ba4 18740->18763 18742 7ff682ea2969 18778 7ff682ea2634 18742->18778 18745 7ff682e9dbbc _fread_nolock 12 API calls 18746 7ff682ea2997 18745->18746 18747 7ff682ea299f 18746->18747 18749 7ff682ea29ae 18746->18749 18748 7ff682e9af0c Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18747->18748 18762 7ff682ea2986 18748->18762 18749->18749 18785 7ff682ea2cdc 18749->18785 18752 7ff682ea2aaa 18753 7ff682e954c4 _get_daylight 11 API calls 18752->18753 18755 7ff682ea2aaf 18753->18755 18754 7ff682ea2b05 18757 7ff682ea2b6c 18754->18757 18796 7ff682ea2464 18754->18796 18758 7ff682e9af0c Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18755->18758 18756 
7ff682ea2ac4 18756->18754 18759 7ff682e9af0c Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18756->18759 18761 7ff682e9af0c Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18757->18761 18758->18762 18759->18754 18761->18762 18762->18715 18764 7ff682ea2bc7 18763->18764 18765 7ff682ea2bd1 18764->18765 18811 7ff682ea0cb8 EnterCriticalSection 18764->18811 18768 7ff682ea2c43 18765->18768 18770 7ff682e9aa9c _CreateFrameInfo 45 API calls 18765->18770 18768->18742 18773 7ff682ea2c5b 18770->18773 18772 7ff682ea2cb2 18772->18742 18773->18772 18775 7ff682e9b7e4 50 API calls 18773->18775 18776 7ff682ea2c9c 18775->18776 18777 7ff682ea2934 65 API calls 18776->18777 18777->18772 18779 7ff682e94f98 45 API calls 18778->18779 18780 7ff682ea2648 18779->18780 18781 7ff682ea2654 GetOEMCP 18780->18781 18782 7ff682ea2666 18780->18782 18783 7ff682ea267b 18781->18783 18782->18783 18784 7ff682ea266b GetACP 18782->18784 18783->18745 18783->18762 18784->18783 18786 7ff682ea2634 47 API calls 18785->18786 18787 7ff682ea2d09 18786->18787 18788 7ff682ea2e5f 18787->18788 18789 7ff682ea2d46 IsValidCodePage 18787->18789 18795 7ff682ea2d60 memcpy_s 18787->18795 18790 7ff682e8bcc0 _wfindfirst32i64 8 API calls 18788->18790 18789->18788 18792 7ff682ea2d57 18789->18792 18791 7ff682ea2aa1 18790->18791 18791->18752 18791->18756 18793 7ff682ea2d86 GetCPInfo 18792->18793 18792->18795 18793->18788 18793->18795 18812 7ff682ea274c 18795->18812 18868 7ff682ea0cb8 EnterCriticalSection 18796->18868 18813 7ff682ea2789 GetCPInfo 18812->18813 18822 7ff682ea287f 18812->18822 18817 7ff682ea279c 18813->18817 18813->18822 18814 7ff682e8bcc0 _wfindfirst32i64 8 API calls 18816 7ff682ea291e 18814->18816 18815 7ff682ea34b0 48 API calls 18818 7ff682ea2813 18815->18818 18816->18788 18817->18815 18823 7ff682ea8454 18818->18823 18821 7ff682ea8454 54 API calls 18821->18822 18822->18814 18824 7ff682e94f98 45 API calls 18823->18824 18825 7ff682ea8479 18824->18825 18828 7ff682ea8120 18825->18828 18829 
7ff682ea8161 18828->18829 18830 7ff682e9fc00 _fread_nolock MultiByteToWideChar 18829->18830 18834 7ff682ea81ab 18830->18834 18831 7ff682ea8429 18832 7ff682e8bcc0 _wfindfirst32i64 8 API calls 18831->18832 18833 7ff682ea2846 18832->18833 18833->18821 18834->18831 18835 7ff682e9dbbc _fread_nolock 12 API calls 18834->18835 18836 7ff682ea81e3 18834->18836 18847 7ff682ea82e1 18834->18847 18835->18836 18838 7ff682e9fc00 _fread_nolock MultiByteToWideChar 18836->18838 18836->18847 18837 7ff682e9af0c Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18837->18831 18839 7ff682ea8256 18838->18839 18839->18847 18859 7ff682e9f5a4 18839->18859 18842 7ff682ea82a1 18844 7ff682e9f5a4 __crtLCMapStringW 6 API calls 18842->18844 18842->18847 18843 7ff682ea82f2 18845 7ff682e9dbbc _fread_nolock 12 API calls 18843->18845 18846 7ff682ea83c4 18843->18846 18849 7ff682ea8310 18843->18849 18844->18847 18845->18849 18846->18847 18848 7ff682e9af0c Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18846->18848 18847->18831 18847->18837 18848->18847 18849->18847 18850 7ff682e9f5a4 __crtLCMapStringW 6 API calls 18849->18850 18851 7ff682ea8390 18850->18851 18851->18846 18852 7ff682ea83b0 18851->18852 18853 7ff682ea83c6 18851->18853 18854 7ff682ea04c8 WideCharToMultiByte 18852->18854 18855 7ff682ea04c8 WideCharToMultiByte 18853->18855 18856 7ff682ea83be 18854->18856 18855->18856 18856->18846 18857 7ff682ea83de 18856->18857 18857->18847 18858 7ff682e9af0c Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18857->18858 18858->18847 18860 7ff682e9f1d0 __crtLCMapStringW 5 API calls 18859->18860 18861 7ff682e9f5e2 18860->18861 18862 7ff682e9f5ea 18861->18862 18865 7ff682e9f690 18861->18865 18862->18842 18862->18843 18862->18847 18864 7ff682e9f653 LCMapStringW 18864->18862 18866 7ff682e9f1d0 __crtLCMapStringW 5 API calls 18865->18866 18867 7ff682e9f6be __crtLCMapStringW 18866->18867 18867->18864 19293 7ff682eaa96e 19294 7ff682eaa97e 19293->19294 19297 7ff682e95378 
LeaveCriticalSection 19294->19297 18918 7ff682eaaaf4 18921 7ff682e95378 LeaveCriticalSection 18918->18921 18223 7ff682e9fcec 18224 7ff682e9fede 18223->18224 18226 7ff682e9fd2e _isindst 18223->18226 18225 7ff682e954c4 _get_daylight 11 API calls 18224->18225 18243 7ff682e9fece 18225->18243 18226->18224 18229 7ff682e9fdae _isindst 18226->18229 18227 7ff682e8bcc0 _wfindfirst32i64 8 API calls 18228 7ff682e9fef9 18227->18228 18244 7ff682ea6904 18229->18244 18234 7ff682e9ff0a 18235 7ff682e9aec4 _wfindfirst32i64 17 API calls 18234->18235 18237 7ff682e9ff1e 18235->18237 18241 7ff682e9fe0b 18241->18243 18268 7ff682ea6948 18241->18268 18243->18227 18245 7ff682e9fdcc 18244->18245 18246 7ff682ea6913 18244->18246 18250 7ff682ea5d08 18245->18250 18275 7ff682ea0cb8 EnterCriticalSection 18246->18275 18251 7ff682ea5d11 18250->18251 18255 7ff682e9fde1 18250->18255 18252 7ff682e954c4 _get_daylight 11 API calls 18251->18252 18253 7ff682ea5d16 18252->18253 18254 7ff682e9aea4 _invalid_parameter_noinfo 37 API calls 18253->18254 18254->18255 18255->18234 18256 7ff682ea5d38 18255->18256 18257 7ff682ea5d41 18256->18257 18258 7ff682e9fdf2 18256->18258 18259 7ff682e954c4 _get_daylight 11 API calls 18257->18259 18258->18234 18262 7ff682ea5d68 18258->18262 18260 7ff682ea5d46 18259->18260 18261 7ff682e9aea4 _invalid_parameter_noinfo 37 API calls 18260->18261 18261->18258 18263 7ff682ea5d71 18262->18263 18267 7ff682e9fe03 18262->18267 18264 7ff682e954c4 _get_daylight 11 API calls 18263->18264 18265 7ff682ea5d76 18264->18265 18266 7ff682e9aea4 _invalid_parameter_noinfo 37 API calls 18265->18266 18266->18267 18267->18234 18267->18241 18276 7ff682ea0cb8 EnterCriticalSection 18268->18276 18939 7ff682e9a2e0 18942 7ff682e9a25c 18939->18942 18949 7ff682ea0cb8 EnterCriticalSection 18942->18949 18950 7ff682e9cae0 18961 7ff682ea0cb8 EnterCriticalSection 18950->18961

Control-flow Graph

[Graph for function 7ff682ea6370 not reproduced; legend: Executed / Not Executed]
APIs
• _get_daylight.LIBCMT ref: 00007FF682EA63B5
  • Part of subcall function 00007FF682EA5D08: _invalid_parameter_noinfo.LIBCMT ref: 00007FF682EA5D1C
  • Part of subcall function 00007FF682E9AF0C: RtlFreeHeap.NTDLL(?,?,?,00007FF682EA3392,?,?,?,00007FF682EA33CF,?,?,00000000,00007FF682EA3895,?,?,00000000,00007FF682EA37C7), ref: 00007FF682E9AF22
  • Part of subcall function 00007FF682E9AF0C: GetLastError.KERNEL32(?,?,?,00007FF682EA3392,?,?,?,00007FF682EA33CF,?,?,00000000,00007FF682EA3895,?,?,00000000,00007FF682EA37C7), ref: 00007FF682E9AF2C
  • Part of subcall function 00007FF682E9AEC4: IsProcessorFeaturePresent.KERNEL32(?,?,?,?,00007FF682E9AEA3,?,?,?,?,?,00007FF682E930CC), ref: 00007FF682E9AECD
  • Part of subcall function 00007FF682E9AEC4: GetCurrentProcess.KERNEL32(?,?,?,?,00007FF682E9AEA3,?,?,?,?,?,00007FF682E930CC), ref: 00007FF682E9AEF2
• _get_daylight.LIBCMT ref: 00007FF682EA63A4
  • Part of subcall function 00007FF682EA5D68: _invalid_parameter_noinfo.LIBCMT ref: 00007FF682EA5D7C
• _get_daylight.LIBCMT ref: 00007FF682EA661A
• _get_daylight.LIBCMT ref: 00007FF682EA662B
• _get_daylight.LIBCMT ref: 00007FF682EA663C
• GetTimeZoneInformation.KERNELBASE(?,?,?,?,?,?,?,?,?,00000000,?,00007FF682EA687C), ref: 00007FF682EA6663
Strings
Memory Dump Source
• Source File: 00000000.00000002.3397017480.00007FF682E81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF682E80000, based on PE: true
• Associated: 00000000.00000002.3396989948.00007FF682E80000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3397049276.00007FF682EAB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3397076452.00007FF682EBE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3397076452.00007FF682EC0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3397125800.00007FF682EC2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff682e80000_7EznMik8Fw.jbxd
Similarity
• API ID: _get_daylight$_invalid_parameter_noinfo$CurrentErrorFeatureFreeHeapInformationLastPresentProcessProcessorTimeZone
• String ID: Eastern Standard Time$Eastern Summer Time
• API String ID: 4070488512-239921721
• Opcode ID: 54e1ccf0b1e099ab2aef5fd1d20d70d6c7b19d4e9a74b58f9fc53268ba567377
• Instruction ID: 8e9287d4b05ecb88fa73ff73a3c929a430f16936040a73039d7768ba77da9f94
• Opcode Fuzzy Hash: 54e1ccf0b1e099ab2aef5fd1d20d70d6c7b19d4e9a74b58f9fc53268ba567377
• Instruction Fuzzy Hash: 90D1F466E18202C6EB24DF21D4581B927A1FFA5B8CF40413DEA4ED7A89DFBCE441C748

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3397017480.00007FF682E81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF682E80000, based on PE: true
• Associated: 00000000.00000002.3396989948.00007FF682E80000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3397049276.00007FF682EAB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3397076452.00007FF682EBE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3397076452.00007FF682EC0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3397125800.00007FF682EC2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff682e80000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1617910340-0
                                                                                                                                                                                                                                                  • Opcode ID: d1d4f06f2925cf98ba43065425f03779d4007acc0884ea13a9d80746d18551ee
                                                                                                                                                                                                                                                  • Instruction ID: 99f600d28d5be90c13a3004ab5abb51b9814472d340fea5a0420daacbf211c65
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d1d4f06f2925cf98ba43065425f03779d4007acc0884ea13a9d80746d18551ee
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9AC1A032B24A42D5EB50CF68C4942AD3B71FB99B98B01422DDE2FAB395CF78D456C344

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • GetTempPathW.KERNEL32(00000000,?,00000000,00000000,?,00007FF682E8154F), ref: 00007FF682E879E7
                                                                                                                                                                                                                                                    • Part of subcall function 00007FF682E87B60: GetEnvironmentVariableW.KERNEL32(00007FF682E83A1F), ref: 00007FF682E87B9A
                                                                                                                                                                                                                                                    • Part of subcall function 00007FF682E87B60: ExpandEnvironmentStringsW.KERNEL32 ref: 00007FF682E87BB7
                                                                                                                                                                                                                                                    • Part of subcall function 00007FF682E97DEC: _invalid_parameter_noinfo.LIBCMT ref: 00007FF682E97E05
                                                                                                                                                                                                                                                  • SetEnvironmentVariableW.KERNEL32 ref: 00007FF682E87AA1
                                                                                                                                                                                                                                                    • Part of subcall function 00007FF682E82B30: MessageBoxW.USER32 ref: 00007FF682E82C05
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3397017480.00007FF682E81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF682E80000, based on PE: true
• Associated: 00000000.00000002.3396989948.00007FF682E80000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3397049276.00007FF682EAB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3397076452.00007FF682EBE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3397076452.00007FF682EC0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3397125800.00007FF682EC2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff682e80000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Environment$Variable$ExpandMessagePathStringsTemp_invalid_parameter_noinfo
                                                                                                                                                                                                                                                  • String ID: LOADER: Failed to set the TMP environment variable.$TMP$TMP$_MEI%d
                                                                                                                                                                                                                                                  • API String ID: 3752271684-1116378104
                                                                                                                                                                                                                                                  • Opcode ID: d0ee005bfdeb011a84540aff6346199bb1fc02b76f4ac94b865217064e0c6b04
                                                                                                                                                                                                                                                  • Instruction ID: 0fd330db3dd3d7959884b09c6c215cb9d82441764afca180f40222368c427d8d
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d0ee005bfdeb011a84540aff6346199bb1fc02b76f4ac94b865217064e0c6b04
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: AC51F520B5D243D1FE54A762A86D2BA52917F89BC8F04403EED4EC77D3DEACE501C208

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • _get_daylight.LIBCMT ref: 00007FF682EA661A
                                                                                                                                                                                                                                                    • Part of subcall function 00007FF682EA5D68: _invalid_parameter_noinfo.LIBCMT ref: 00007FF682EA5D7C
                                                                                                                                                                                                                                                  • _get_daylight.LIBCMT ref: 00007FF682EA662B
                                                                                                                                                                                                                                                    • Part of subcall function 00007FF682EA5D08: _invalid_parameter_noinfo.LIBCMT ref: 00007FF682EA5D1C
                                                                                                                                                                                                                                                  • _get_daylight.LIBCMT ref: 00007FF682EA663C
                                                                                                                                                                                                                                                    • Part of subcall function 00007FF682EA5D38: _invalid_parameter_noinfo.LIBCMT ref: 00007FF682EA5D4C
                                                                                                                                                                                                                                                    • Part of subcall function 00007FF682E9AF0C: RtlFreeHeap.NTDLL(?,?,?,00007FF682EA3392,?,?,?,00007FF682EA33CF,?,?,00000000,00007FF682EA3895,?,?,00000000,00007FF682EA37C7), ref: 00007FF682E9AF22
                                                                                                                                                                                                                                                    • Part of subcall function 00007FF682E9AF0C: GetLastError.KERNEL32(?,?,?,00007FF682EA3392,?,?,?,00007FF682EA33CF,?,?,00000000,00007FF682EA3895,?,?,00000000,00007FF682EA37C7), ref: 00007FF682E9AF2C
                                                                                                                                                                                                                                                  • GetTimeZoneInformation.KERNELBASE(?,?,?,?,?,?,?,?,?,00000000,?,00007FF682EA687C), ref: 00007FF682EA6663
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3397017480.00007FF682E81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF682E80000, based on PE: true
• Associated: 00000000.00000002.3396989948.00007FF682E80000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3397049276.00007FF682EAB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3397076452.00007FF682EBE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3397076452.00007FF682EC0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3397125800.00007FF682EC2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff682e80000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: _get_daylight_invalid_parameter_noinfo$ErrorFreeHeapInformationLastTimeZone
                                                                                                                                                                                                                                                  • String ID: Eastern Standard Time$Eastern Summer Time
                                                                                                                                                                                                                                                  • API String ID: 3458911817-239921721
                                                                                                                                                                                                                                                  • Opcode ID: d89d275585cbbb59bda8e874ee0f2677ffedd79ad2d8aa11b56fbb7743459a01
                                                                                                                                                                                                                                                  • Instruction ID: 8550b92067af8bd57747c9782fbe996dd6eda97fcf628b2b59e4f4cb740859e1
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d89d275585cbbb59bda8e874ee0f2677ffedd79ad2d8aa11b56fbb7743459a01
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6351B136E18642C6E720DF21E8985A96761FF58B8CF40413DEA4ED7A95DFBCE401CB48

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  Strings
Memory Dump Source
• Source File: 00000000.00000002.3397017480.00007FF682E81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF682E80000, based on PE: true
• Associated: 00000000.00000002.3396989948.00007FF682E80000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3397049276.00007FF682EAB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3397076452.00007FF682EBE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3397076452.00007FF682EC0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3397125800.00007FF682EC2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff682e80000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Message
                                                                                                                                                                                                                                                  • String ID: Failed to create symbolic link %s!$Failed to extract %s: failed to allocate temporary buffer!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to open target file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$Failed to extract %s: failed to write data chunk!$fopen$fread$fseek$fwrite$malloc$pyi_arch_extract2fs was called before temporary directory was initialized!
                                                                                                                                                                                                                                                  • API String ID: 2030045667-3833288071
                                                                                                                                                                                                                                                  • Opcode ID: 87343fe10619d9e83b33ad50ad85e1553a80dad7a26c37df04226b889a4fe075
                                                                                                                                                                                                                                                  • Instruction ID: 99103dc2cee6bb2fefbeb13db3eb0a41bc31796450bb007b5c7f6b762a4c5d15
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 87343fe10619d9e83b33ad50ad85e1553a80dad7a26c37df04226b889a4fe075
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: FE51DF61B58642C6EB109B25E8582B963A0BF55B9CF40413DEE8DCB695DFBCE244C708

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • GetCurrentProcess.KERNEL32(0000000100000001,00007FF682E8414C,00007FF682E87911,?,00007FF682E87D26,?,00007FF682E81785), ref: 00007FF682E88990
                                                                                                                                                                                                                                                  • OpenProcessToken.ADVAPI32(?,00007FF682E87D26,?,00007FF682E81785), ref: 00007FF682E889A1
                                                                                                                                                                                                                                                  • GetTokenInformation.KERNELBASE(?,00007FF682E87D26,?,00007FF682E81785), ref: 00007FF682E889C3
                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,00007FF682E87D26,?,00007FF682E81785), ref: 00007FF682E889CD
                                                                                                                                                                                                                                                  • GetTokenInformation.KERNELBASE(?,00007FF682E87D26,?,00007FF682E81785), ref: 00007FF682E88A0A
                                                                                                                                                                                                                                                  • ConvertSidToStringSidW.ADVAPI32 ref: 00007FF682E88A1C
                                                                                                                                                                                                                                                  • CloseHandle.KERNELBASE(?,00007FF682E87D26,?,00007FF682E81785), ref: 00007FF682E88A34
                                                                                                                                                                                                                                                  • LocalFree.KERNEL32(?,00007FF682E87D26,?,00007FF682E81785), ref: 00007FF682E88A66
                                                                                                                                                                                                                                                  • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32 ref: 00007FF682E88A8D
                                                                                                                                                                                                                                                  • CreateDirectoryW.KERNELBASE(?,00007FF682E87D26,?,00007FF682E81785), ref: 00007FF682E88A9E
                                                                                                                                                                                                                                                  Strings
Memory Dump Source
• Source File: 00000000.00000002.3397017480.00007FF682E81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF682E80000, based on PE: true
• Associated: 00000000.00000002.3396989948.00007FF682E80000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3397049276.00007FF682EAB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3397076452.00007FF682EBE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3397076452.00007FF682EC0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3397125800.00007FF682EC2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff682e80000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Token$ConvertDescriptorInformationProcessSecurityString$CloseCreateCurrentDirectoryErrorFreeHandleLastLocalOpen
                                                                                                                                                                                                                                                  • String ID: D:(A;;FA;;;%s)$S-1-3-4
                                                                                                                                                                                                                                                  • API String ID: 4998090-2855260032
                                                                                                                                                                                                                                                  • Opcode ID: 277e46be752bec10122730c01fa2f416892ba719bf6bded195714ae853bd66f0
                                                                                                                                                                                                                                                  • Instruction ID: c0c78696db5fbfc83fa48678bcec2fd821881965f89e418dd88c781042abdedf
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 277e46be752bec10122730c01fa2f416892ba719bf6bded195714ae853bd66f0
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C841B031618686C2EB50CF60E4886AA6360FF94798F44023DEA9EC7AE5DFBCE404C704

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
Memory Dump Source
• Source File: 00000000.00000002.3397017480.00007FF682E81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF682E80000, based on PE: true
• Associated: 00000000.00000002.3396989948.00007FF682E80000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3397049276.00007FF682EAB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3397076452.00007FF682EBE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3397076452.00007FF682EC0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3397125800.00007FF682EC2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff682e80000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: _fread_nolock$Message
                                                                                                                                                                                                                                                  • String ID: Could not allocate buffer for TOC!$Could not read full TOC!$Error on file.$Failed to read cookie!$Failed to seek to cookie position!$MEI$fread$fseek$malloc
                                                                                                                                                                                                                                                  • API String ID: 677216364-1384898525
                                                                                                                                                                                                                                                  • Opcode ID: 885a60bfd35d189cc9b4b7bd662c89924dd8b692e04ef3321e80749b8243a107
                                                                                                                                                                                                                                                  • Instruction ID: ec78d0f841721a743f3e43545f8366b3b5fb368400986b814f96f1bf020f717f
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 885a60bfd35d189cc9b4b7bd662c89924dd8b692e04ef3321e80749b8243a107
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: EF518D71A19642C6EB18CF28E4581B833A0FF58B8CB55853EDA4DC7799DEBCE440CB48

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
Memory Dump Source
• Source File: 00000000.00000002.3397017480.00007FF682E81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF682E80000, based on PE: true
• Associated: 00000000.00000002.3396989948.00007FF682E80000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3397049276.00007FF682EAB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3397076452.00007FF682EBE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3397076452.00007FF682EC0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3397125800.00007FF682EC2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff682e80000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Process_invalid_parameter_noinfo$ByteCharCodeCommandConsoleCreateCtrlExitHandlerInfoLineMultiObjectSingleStartupWaitWide
                                                                                                                                                                                                                                                  • String ID: CreateProcessW$Error creating child process!
                                                                                                                                                                                                                                                  • API String ID: 2895956056-3524285272
                                                                                                                                                                                                                                                  • Opcode ID: 43f1d35e7fbf24803adac071d2ce953c020152e2d40e2e5a1956faa0815d12d1
                                                                                                                                                                                                                                                  • Instruction ID: 3d193e021168b8fe576ad2ad7b8e3a304be8caea889e7f58cb7ceaca20c4eda2
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 43f1d35e7fbf24803adac071d2ce953c020152e2d40e2e5a1956faa0815d12d1
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A7412471A08785C2DA20DB64E4592AAB360FFA5364F50073EEAAD877E5DFBCD054CB04

                                                                                                                                                                                                                                                  Control-flow Graph

APIs
  • Part of subcall function 00007FF682E83EC0: GetModuleFileNameW.KERNEL32(?,00007FF682E839EA), ref: 00007FF682E83EF1
• SetDllDirectoryW.KERNEL32 ref: 00007FF682E83BE9
  • Part of subcall function 00007FF682E87B60: GetEnvironmentVariableW.KERNEL32(00007FF682E83A1F), ref: 00007FF682E87B9A
  • Part of subcall function 00007FF682E87B60: ExpandEnvironmentStringsW.KERNEL32 ref: 00007FF682E87BB7
Strings
Memory Dump Source
• Source File: 00000000.00000002.3397017480.00007FF682E81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF682E80000, based on PE: true
• Associated: 00000000.00000002.3396989948.00007FF682E80000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3397049276.00007FF682EAB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3397076452.00007FF682EBE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3397076452.00007FF682EC0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3397125800.00007FF682EC2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff682e80000_7EznMik8Fw.jbxd
Similarity
• API ID: Environment$DirectoryExpandFileModuleNameStringsVariable
• String ID: Cannot open PyInstaller archive from executable (%s) or external archive (%s)$Cannot side-load external archive %s (code %d)!$Failed to convert DLL search path!$MEI$_MEIPASS2$_PYI_ONEDIR_MODE
• API String ID: 2344891160-3602715111
• Opcode ID: bc804580661d330fd68571be0a8a6f4046a9eb4bd7f0ff81acb8572ffe878501
• Instruction ID: 6169b1c9a2536f88f15a730ca0bbeff4a28064cc55f85055f77cddedbf373a53
• Opcode Fuzzy Hash: bc804580661d330fd68571be0a8a6f4046a9eb4bd7f0ff81acb8572ffe878501
• Instruction Fuzzy Hash: F7B1B261B5C686C1EE25AB21D5582FD23A0BF5878CF44013DEE9DC7696EFACE501C708

Control-flow Graph
Strings
Memory Dump Source
• Source File: 00000000.00000002.3397017480.00007FF682E81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF682E80000, based on PE: true
• Associated: 00000000.00000002.3396989948.00007FF682E80000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3397049276.00007FF682EAB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3397076452.00007FF682EBE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3397076452.00007FF682EC0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3397125800.00007FF682EC2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff682e80000_7EznMik8Fw.jbxd
Similarity
• API ID: Message
• String ID: 1.2.13$Failed to extract %s: decompression resulted in return code %d!$Failed to extract %s: failed to allocate temporary input buffer!$Failed to extract %s: failed to allocate temporary output buffer!$Failed to extract %s: inflateInit() failed with return code %d!$malloc
• API String ID: 2030045667-1655038675
• Opcode ID: 7739cbabc253cc6e8f59069b699201d0862b4b88c7660801c14c8af0229557fd
• Instruction ID: ec32c7fdf3868de0eebb77a8b021d3667ec0db99b627b55b1445580ce0f3cf2f
• Opcode Fuzzy Hash: 7739cbabc253cc6e8f59069b699201d0862b4b88c7660801c14c8af0229557fd
• Instruction Fuzzy Hash: 84510162A58682C5EB209B55E4483BA6290FF8479CF44413EED8ECB795EFBCE504C708

Control-flow Graph
APIs
Memory Dump Source
• Source File: 00000000.00000002.3397017480.00007FF682E81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF682E80000, based on PE: true
• Associated: 00000000.00000002.3396989948.00007FF682E80000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3397049276.00007FF682EAB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3397076452.00007FF682EBE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3397076452.00007FF682EC0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3397125800.00007FF682EC2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff682e80000_7EznMik8Fw.jbxd
Similarity
• API ID: _invalid_parameter_noinfo
• String ID:
• API String ID: 3215553584-0
• Opcode ID: be7416da91f84ed5bfdd546aa92e4ee07cb2f4e154380db95b5ab7bb0620c26f
• Instruction ID: bace4ce6a1fd1c05f4337beaf03778c388a271f5f04bde21b6b8fc9f1355d5be
• Opcode Fuzzy Hash: be7416da91f84ed5bfdd546aa92e4ee07cb2f4e154380db95b5ab7bb0620c26f
• Instruction Fuzzy Hash: 2EC1D422A08B86D1E650AB5584483BD3B94FF99B88F55113EDE4E87391CEBCE465C708

Control-flow Graph
APIs
• GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,?,00000000,00000000,00007FF682E9D50B), ref: 00007FF682E9D63C
• GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,?,00000000,00000000,00007FF682E9D50B), ref: 00007FF682E9D6C7
Memory Dump Source
• Source File: 00000000.00000002.3397017480.00007FF682E81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF682E80000, based on PE: true
• Associated: 00000000.00000002.3396989948.00007FF682E80000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3397049276.00007FF682EAB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3397076452.00007FF682EBE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3397076452.00007FF682EC0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3397125800.00007FF682EC2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff682e80000_7EznMik8Fw.jbxd
Similarity
• API ID: ConsoleErrorLastMode
• String ID:
• API String ID: 953036326-0
• Opcode ID: 9c71bbc92960716eb9d411b0b48861d3e4dcea1db34bc3604978879cc3cc685b
• Instruction ID: 3b2ebe57ffe9e6ec8951b4278f3c46018154298d98b10adf667ce9904545ed1b
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9c71bbc92960716eb9d411b0b48861d3e4dcea1db34bc3604978879cc3cc685b
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E391D672E18661C5F760AF6994482BD2BA0BF54B8CF14413EDE8EA7686CFB8D491C304

                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: _get_daylight$_isindst
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 4170891091-0
                                                                                                                                                                                                                                                  • Opcode ID: 576313037ba361094b23b779854add166a997b8059c5947e2a7d8f77b38f16ad
                                                                                                                                                                                                                                                  • Instruction ID: 01813880b1958ff0f5c36c0233fd33a4b02aa349e355ab306459595e2f83a0f2
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 576313037ba361094b23b779854add166a997b8059c5947e2a7d8f77b38f16ad
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8351C272F04212CAEB24CF2499596BC37A5BF1036CF51123EED1E92AE5DF78A452C704

                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: File$ErrorHandleInformationLastNamedPeekPipeType
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2780335769-0
                                                                                                                                                                                                                                                  • Opcode ID: a7b857db6b01e19318b34c0e1f4ae245464e2a3bbbae32caf4e8ae7d5ae051c5
                                                                                                                                                                                                                                                  • Instruction ID: cf618fa53e0ce2aad6a66ae364a40117bef26fe8deb346bd0a540fada4669084
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a7b857db6b01e19318b34c0e1f4ae245464e2a3bbbae32caf4e8ae7d5ae051c5
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 10519C62A08645CAFB10CF60D4543BD23A1BF58B6CF14853EDE5D97689DFB8D4A1C708
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_get_show_window_mode__scrt_initialize_crt__scrt_release_startup_lock
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1452418845-0
                                                                                                                                                                                                                                                  • Opcode ID: 416c85195b1c4a12d0bca0f9f3e62a22dfdeb9afd9333f8228f8268f9139cf84
                                                                                                                                                                                                                                                  • Instruction ID: fe352960bc5d2a3a1305286eb18ccd129ba2cb2141046c131d30b701a550e24f
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 416c85195b1c4a12d0bca0f9f3e62a22dfdeb9afd9333f8228f8268f9139cf84
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4E314C11A88543C1FA28AB64D4993B923A1BF6678CF44603DDD8EC72D7DEACB405C21D
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: CloseCreateFileHandle_invalid_parameter_noinfo
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1279662727-0
                                                                                                                                                                                                                                                  • Opcode ID: 4e99df99e7301f39d701a276f02ef329721f1d5d609599a82ba0c959db36bcb5
                                                                                                                                                                                                                                                  • Instruction ID: 75e3a312f2216533ad194d394db0cb176db6aff60a231ff01539b455bf25fd05
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4e99df99e7301f39d701a276f02ef329721f1d5d609599a82ba0c959db36bcb5
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E5418162D18786C3E7608B2095183A96360FFA5768F10933EEA9D47AD5DFBCA5F0C704
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 3215553584-0
                                                                                                                                                                                                                                                  • Opcode ID: 2f7bb398de8c4fd3266a2cb5114fed605c2779b223882c17691b198031e80610
                                                                                                                                                                                                                                                  • Instruction ID: 50c53b2e069d2ca9d5b8dee2f06103a66439ac9633dedb783b3af0aa1d920255
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2f7bb398de8c4fd3266a2cb5114fed605c2779b223882c17691b198031e80610
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2851F421B09651C6EA68DE36D4086BA62C1BF45BACF54463EDD6CC77C6CEBCE460C608
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3397017480.00007FF682E81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF682E80000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3396989948.00007FF682E80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3397049276.00007FF682EAB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3397076452.00007FF682EBE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3397076452.00007FF682EC0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3397125800.00007FF682EC2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff682e80000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: ErrorFileLastPointer
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2976181284-0
                                                                                                                                                                                                                                                  • Opcode ID: b08d68fc7a6d73a6a6e4925e4a9dc39ae2e5fb86b78546c657aad159ae176ccc
                                                                                                                                                                                                                                                  • Instruction ID: 222eba5094c1013815e29a729ef8589e75d63ecbbfa0ef85b48f75af44772cca
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b08d68fc7a6d73a6a6e4925e4a9dc39ae2e5fb86b78546c657aad159ae176ccc
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 68112261608A81C1DA109B35A4081696361BF54BF8F54133EEEBD877D9CFBCD021C704
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • FileTimeToSystemTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF682E95911), ref: 00007FF682E95A2F
                                                                                                                                                                                                                                                  • SystemTimeToTzSpecificLocalTime.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF682E95911), ref: 00007FF682E95A45
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3397017480.00007FF682E81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF682E80000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3396989948.00007FF682E80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3397049276.00007FF682EAB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3397076452.00007FF682EBE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3397076452.00007FF682EC0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3397125800.00007FF682EC2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff682e80000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Time$System$FileLocalSpecific
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1707611234-0
                                                                                                                                                                                                                                                  • Opcode ID: 01955a0fff7c8d04301666730a5fae84f6474b835d1eccbedadb07c42297a861
                                                                                                                                                                                                                                                  • Instruction ID: c040eb12bed202ab2e748ae464a650a53cdbcd7fa79300a4374a72b3624fb52c
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 01955a0fff7c8d04301666730a5fae84f6474b835d1eccbedadb07c42297a861
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B0116D7260C646C1EB548B11A45517AB7A0FF85765F50023EFAAEC59E8EFACD058CB08
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • RtlFreeHeap.NTDLL(?,?,?,00007FF682EA3392,?,?,?,00007FF682EA33CF,?,?,00000000,00007FF682EA3895,?,?,00000000,00007FF682EA37C7), ref: 00007FF682E9AF22
                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,00007FF682EA3392,?,?,?,00007FF682EA33CF,?,?,00000000,00007FF682EA3895,?,?,00000000,00007FF682EA37C7), ref: 00007FF682E9AF2C
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3397017480.00007FF682E81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF682E80000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3396989948.00007FF682E80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3397049276.00007FF682EAB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3397076452.00007FF682EBE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3397076452.00007FF682EC0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3397125800.00007FF682EC2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff682e80000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: ErrorFreeHeapLast
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 485612231-0
                                                                                                                                                                                                                                                  • Opcode ID: bfb090b2684f97747e4e2589e7b79ee9627266c2664004addae3296ee4c2c8e2
                                                                                                                                                                                                                                                  • Instruction ID: e07a81e031df298303b10cada31818f4097ea71f1d1345b96f10ab058a3d7440
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: bfb090b2684f97747e4e2589e7b79ee9627266c2664004addae3296ee4c2c8e2
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6EE0CD91F08206C2FF64ABF2544D17511917FA4B09F40443DCC0FD7392DEEC68A5C218
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • CloseHandle.KERNELBASE(?,?,?,00007FF682E9AF99,?,?,00000000,00007FF682E9B04E), ref: 00007FF682E9B18A
                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,00007FF682E9AF99,?,?,00000000,00007FF682E9B04E), ref: 00007FF682E9B194
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3397017480.00007FF682E81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF682E80000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3396989948.00007FF682E80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3397049276.00007FF682EAB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3397076452.00007FF682EBE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3397076452.00007FF682EC0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3397125800.00007FF682EC2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff682e80000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: CloseErrorHandleLast
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 918212764-0
                                                                                                                                                                                                                                                  • Opcode ID: b40b4e21971f44bf7084fa7db8f9dedbad63d491ac625d0e9d3072d74158efd6
                                                                                                                                                                                                                                                  • Instruction ID: 05e9bd6d02adc8a6c8d0badb336b75b6c58fbb6132dd23d60f2a46ea1ff23005
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b40b4e21971f44bf7084fa7db8f9dedbad63d491ac625d0e9d3072d74158efd6
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 76210161B18282C1FA90C762948C27D22827F90BA8F04423FDA5EC73D2CEECA465C618
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3397017480.00007FF682E81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF682E80000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3396989948.00007FF682E80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3397049276.00007FF682EAB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3397076452.00007FF682EBE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3397076452.00007FF682EC0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3397125800.00007FF682EC2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff682e80000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 3215553584-0
                                                                                                                                                                                                                                                  • Opcode ID: 6c27d5487ee8182774302d92aae2f9046d2b98e9277a8b83ca44002d61502fcf
                                                                                                                                                                                                                                                  • Instruction ID: 3687e78a31bc85b9ccc9ec62201608bd505f6f361dce2ea5377a8ad609dddb44
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6c27d5487ee8182774302d92aae2f9046d2b98e9277a8b83ca44002d61502fcf
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A241A172A08241C7EB34EA29E54827977A0FF5AB49F10153EDA8EC3791CFACE412C755
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3397017480.00007FF682E81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF682E80000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3396989948.00007FF682E80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3397049276.00007FF682EAB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3397076452.00007FF682EBE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3397076452.00007FF682EC0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3397125800.00007FF682EC2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff682e80000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: _fread_nolock
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 840049012-0
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 3215553584-0
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 3215553584-0
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 3215553584-0
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 3215553584-0
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • HeapAlloc.KERNEL32(?,?,00000000,00007FF682E9B9A6,?,?,?,00007FF682E9AB67,?,?,00000000,00007FF682E9AE02), ref: 00007FF682E9F1AD
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: AllocHeap
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 4292702814-0
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • HeapAlloc.KERNEL32(?,?,?,00007FF682E90D24,?,?,?,00007FF682E92236,?,?,?,?,?,00007FF682E93829), ref: 00007FF682E9DBFA
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3397017480.00007FF682E81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF682E80000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3396989948.00007FF682E80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3397049276.00007FF682EAB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3397076452.00007FF682EBE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3397076452.00007FF682EC0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3397125800.00007FF682EC2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff682e80000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: AllocHeap
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 4292702814-0
                                                                                                                                                                                                                                                  • Opcode ID: 4a58605cc4c1e1369a1067e1172dc77d995423b1642967883a658540b08b4ee9
                                                                                                                                                                                                                                                  • Instruction ID: cc9ce9f98dd66bf36c2c3e68487c08983490fa92cc2fe9ec050dec15c9356712
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4a58605cc4c1e1369a1067e1172dc77d995423b1642967883a658540b08b4ee9
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F2F05E40B0C25AC5FE54666198182B512907F44768F08063DD86EC62C2DDDCA4A0C128
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3397017480.00007FF682E81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF682E80000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3396989948.00007FF682E80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3397049276.00007FF682EAB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3397076452.00007FF682EBE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3397076452.00007FF682EC0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3397125800.00007FF682EC2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff682e80000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: AddressProc
                                                                                                                                                                                                                                                  • String ID: Failed to get address for PyConfig_Clear$Failed to get address for PyConfig_InitIsolatedConfig$Failed to get address for PyConfig_Read$Failed to get address for PyConfig_SetBytesString$Failed to get address for PyConfig_SetString$Failed to get address for PyConfig_SetWideStringList$Failed to get address for PyErr_Clear$Failed to get address for PyErr_Fetch$Failed to get address for PyErr_NormalizeException$Failed to get address for PyErr_Occurred$Failed to get address for PyErr_Print$Failed to get address for PyErr_Restore$Failed to get address for PyEval_EvalCode$Failed to get address for PyImport_AddModule$Failed to get address for PyImport_ExecCodeModule$Failed to get address for PyImport_ImportModule$Failed to get address for PyList_Append$Failed to get address for PyMarshal_ReadObjectFromString$Failed to get address for PyMem_RawFree$Failed to get address for PyModule_GetDict$Failed to get address for PyObject_CallFunction$Failed to get address for PyObject_CallFunctionObjArgs$Failed to get address for PyObject_GetAttrString$Failed to get address for PyObject_SetAttrString$Failed to get address for PyObject_Str$Failed to get address for PyPreConfig_InitIsolatedConfig$Failed to get address for PyRun_SimpleStringFlags$Failed to get address for PyStatus_Exception$Failed to get address for PySys_GetObject$Failed to get address for PySys_SetObject$Failed to get address for PyUnicode_AsUTF8$Failed to get address for PyUnicode_Decode$Failed to get address for PyUnicode_DecodeFSDefault$Failed to get address for PyUnicode_FromFormat$Failed to get address for PyUnicode_FromString$Failed to get address for PyUnicode_Join$Failed to get address for PyUnicode_Replace$Failed to get address for Py_DecRef$Failed to get address for Py_DecodeLocale$Failed to get address for Py_ExitStatusException$Failed to get address for Py_Finalize$Failed to get address for Py_InitializeFromConfig$Failed to get address for Py_IsInitialized$Failed to get address for Py_PreInitialize$GetProcAddress$PyConfig_Clear$PyConfig_InitIsolatedConfig$PyConfig_Read$PyConfig_SetBytesString$PyConfig_SetString$PyConfig_SetWideStringList$PyErr_Clear$PyErr_Fetch$PyErr_NormalizeException$PyErr_Occurred$PyErr_Print$PyErr_Restore$PyEval_EvalCode$PyImport_AddModule$PyImport_ExecCodeModule$PyImport_ImportModule$PyList_Append$PyMarshal_ReadObjectFromString$PyMem_RawFree$PyModule_GetDict$PyObject_CallFunction$PyObject_CallFunctionObjArgs$PyObject_GetAttrString$PyObject_SetAttrString$PyObject_Str$PyPreConfig_InitIsolatedConfig$PyRun_SimpleStringFlags$PyStatus_Exception$PySys_GetObject$PySys_SetObject$PyUnicode_AsUTF8$PyUnicode_Decode$PyUnicode_DecodeFSDefault$PyUnicode_FromFormat$PyUnicode_FromString$PyUnicode_Join$PyUnicode_Replace$Py_DecRef$Py_DecodeLocale$Py_ExitStatusException$Py_Finalize$Py_InitializeFromConfig$Py_IsInitialized$Py_PreInitialize
                                                                                                                                                                                                                                                  • API String ID: 190572456-4266016200
                                                                                                                                                                                                                                                  • Opcode ID: cf77275b4bf0387ff900e5ea28e17749df250fc4abdfb995cff073003fe970f9
                                                                                                                                                                                                                                                  • Instruction ID: be642eb8f0c26d72c50faae04aa5e5e16cc86bbe8fd2eb458858ae0af74a75b3
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: cf77275b4bf0387ff900e5ea28e17749df250fc4abdfb995cff073003fe970f9
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1D12CF64A4AB07D4FB55CB18A89817027B1BF29748B85643DC85FE62A4FFFCB548C20C
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3397017480.00007FF682E81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF682E80000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3396989948.00007FF682E80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3397049276.00007FF682EAB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3397076452.00007FF682EBE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3397076452.00007FF682EC0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3397125800.00007FF682EC2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff682e80000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: MessageSend$Window$Create$Move$ObjectSelect$#380BaseClientDialogDrawFontIndirectInfoParametersRectReleaseSystemTextUnits
                                                                                                                                                                                                                                                  • String ID: BUTTON$Close$EDIT$Failed to execute script '%ls' due to unhandled exception: %ls$STATIC
                                                                                                                                                                                                                                                  • API String ID: 2446303242-1601438679
                                                                                                                                                                                                                                                  • Opcode ID: 2b11bbb19a83a086465840dcd7a103c40d81e06c4cc6566eb68c4ee1e4e9da55
                                                                                                                                                                                                                                                  • Instruction ID: 40af1d7520037f6ee9a0f4c2be63c5cb9e73006d1a5484036411b5d7181fec49
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2b11bbb19a83a086465840dcd7a103c40d81e06c4cc6566eb68c4ee1e4e9da55
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4CA17A76208B85C6E7148F51E45879AB770FB98B88F50412EDB9E43B24DFBDE164CB00
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3397017480.00007FF682E81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF682E80000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3396989948.00007FF682E80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3397049276.00007FF682EAB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3397076452.00007FF682EBE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3397076452.00007FF682EC0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3397125800.00007FF682EC2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff682e80000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo$memcpy_s$fegetenv
                                                                                                                                                                                                                                                  • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                                                                                                                                                                                  • API String ID: 808467561-2761157908
                                                                                                                                                                                                                                                  • Opcode ID: 462ebf29a53f9f8e0898a565754c8078d18c0a01f6b8af8c35fed8b76f3e05ac
                                                                                                                                                                                                                                                  • Instruction ID: f94ff9f317d3c9088d9e164962d998b6b915034267a33e4225a77738b0b677a1
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 462ebf29a53f9f8e0898a565754c8078d18c0a01f6b8af8c35fed8b76f3e05ac
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D3B2A272E18296CAE7648E64D5487F926B2FF6434CF50513DDA0EA7E84DFB8A900CB44
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(00000000,00007FF682E82A5E,?,?,?,?,?,?,?,?,?,?,?,00007FF682E8101D), ref: 00007FF682E88587
                                                                                                                                                                                                                                                  • FormatMessageW.KERNEL32 ref: 00007FF682E885B6
                                                                                                                                                                                                                                                  • WideCharToMultiByte.KERNEL32 ref: 00007FF682E8860C
                                                                                                                                                                                                                                                    • Part of subcall function 00007FF682E829E0: GetLastError.KERNEL32(00000000,00000000,00000000,00007FF682E887F2,?,?,?,?,?,?,?,?,?,?,?,00007FF682E8101D), ref: 00007FF682E82A14
                                                                                                                                                                                                                                                    • Part of subcall function 00007FF682E829E0: MessageBoxW.USER32 ref: 00007FF682E82AF0
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3397017480.00007FF682E81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF682E80000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3396989948.00007FF682E80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3397049276.00007FF682EAB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3397076452.00007FF682EBE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3397076452.00007FF682EC0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3397125800.00007FF682EC2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff682e80000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: ErrorLastMessage$ByteCharFormatMultiWide
                                                                                                                                                                                                                                                  • String ID: Failed to encode wchar_t as UTF-8.$FormatMessageW$No error messages generated.$PyInstaller: FormatMessageW failed.$PyInstaller: pyi_win32_utils_to_utf8 failed.$WideCharToMultiByte
                                                                                                                                                                                                                                                  • API String ID: 2920928814-2573406579
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3397017480.00007FF682E81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF682E80000, based on PE: true
• Associated: 00000000.00000002.3396989948.00007FF682E80000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3397049276.00007FF682EAB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3397076452.00007FF682EBE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3397076452.00007FF682EC0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3397125800.00007FF682EC2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff682e80000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 3140674995-0
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1239891234-0
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: FileFindFirst_invalid_parameter_noinfo
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2227656907-0
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2933794660-0
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: memcpy_s
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1502251526-0
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: ExceptionRaise_clrfp
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 15204871-0
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Find$CloseFileFirst
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2295610775-0
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: $
                                                                                                                                                                                                                                                  • API String ID: 0-227171996
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: e+000$gfff
                                                                                                                                                                                                                                                  • API String ID: 0-3030954782
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: CurrentFeaturePresentProcessProcessor
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1010374628-0
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: gfffffff
                                                                                                                                                                                                                                                  • API String ID: 0-1523873471
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                  • String ID: TMP
                                                                                                                                                                                                                                                  • API String ID: 3215553584-3125297090
APIs
Similarity
• API ID: HeapProcess
• String ID:
• API String ID: 54951025-0
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 3215553584-0
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: ErrorFreeHeapLast
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 485612231-0
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3397017480.00007FF682E81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF682E80000, based on PE: true
• Associated: 00000000.00000002.3396989948.00007FF682E80000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3397049276.00007FF682EAB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3397076452.00007FF682EBE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3397076452.00007FF682EC0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3397125800.00007FF682EC2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff682e80000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: AddressProc
• String ID: Failed to get address for Tcl_Alloc$Failed to get address for Tcl_ConditionFinalize$Failed to get address for Tcl_ConditionNotify$Failed to get address for Tcl_ConditionWait$Failed to get address for Tcl_CreateInterp$Failed to get address for Tcl_CreateObjCommand$Failed to get address for Tcl_CreateThread$Failed to get address for Tcl_DeleteInterp$Failed to get address for Tcl_DoOneEvent$Failed to get address for Tcl_EvalEx$Failed to get address for Tcl_EvalFile$Failed to get address for Tcl_EvalObjv$Failed to get address for Tcl_Finalize$Failed to get address for Tcl_FinalizeThread$Failed to get address for Tcl_FindExecutable$Failed to get address for Tcl_Free$Failed to get address for Tcl_GetCurrentThread$Failed to get address for Tcl_GetObjResult$Failed to get address for Tcl_GetString$Failed to get address for Tcl_GetVar2$Failed to get address for Tcl_Init$Failed to get address for Tcl_MutexLock$Failed to get address for Tcl_MutexUnlock$Failed to get address for Tcl_NewByteArrayObj$Failed to get address for Tcl_NewStringObj$Failed to get address for Tcl_SetVar2$Failed to get address for Tcl_SetVar2Ex$Failed to get address for Tcl_ThreadAlert$Failed to get address for Tcl_ThreadQueueEvent$Failed to get address for Tk_GetNumMainWindows$Failed to get address for Tk_Init$GetProcAddress$Tcl_Alloc$Tcl_ConditionFinalize$Tcl_ConditionNotify$Tcl_ConditionWait$Tcl_CreateInterp$Tcl_CreateObjCommand$Tcl_CreateThread$Tcl_DeleteInterp$Tcl_DoOneEvent$Tcl_EvalEx$Tcl_EvalFile$Tcl_EvalObjv$Tcl_Finalize$Tcl_FinalizeThread$Tcl_FindExecutable$Tcl_Free$Tcl_GetCurrentThread$Tcl_GetObjResult$Tcl_GetString$Tcl_GetVar2$Tcl_Init$Tcl_MutexLock$Tcl_MutexUnlock$Tcl_NewByteArrayObj$Tcl_NewStringObj$Tcl_SetVar2$Tcl_SetVar2Ex$Tcl_ThreadAlert$Tcl_ThreadQueueEvent$Tk_GetNumMainWindows$Tk_Init
                                                                                                                                                                                                                                                  • API String ID: 190572456-2208601799
                                                                                                                                                                                                                                                  • Opcode ID: 7c721144a29f82c0df2178d2ac20e82e85a8926ad6b3cde14d1131664071774a
                                                                                                                                                                                                                                                  • Instruction ID: 7ec6f2d999aea7c84984b85bc5b2e5a6e0825320c672ba0dea9bea463020b7d2
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7c721144a29f82c0df2178d2ac20e82e85a8926ad6b3cde14d1131664071774a
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7EE1B364A49B03D0FB598F05A8981B467B5BF25758F84503DD89FA63A4EFFCF548C208
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3397017480.00007FF682E81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF682E80000, based on PE: true
• Associated: 00000000.00000002.3396989948.00007FF682E80000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3397049276.00007FF682EAB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3397076452.00007FF682EBE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3397076452.00007FF682EC0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3397125800.00007FF682EC2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff682e80000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Message_fread_nolock
                                                                                                                                                                                                                                                  • String ID: %s%c%s$Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$\$fread$fseek$malloc
                                                                                                                                                                                                                                                  • API String ID: 3065259568-2316137593
                                                                                                                                                                                                                                                  • Opcode ID: 177abdf14fc9c841984a4527118494491755f9154b3595ae679b628ca0bad231
                                                                                                                                                                                                                                                  • Instruction ID: 58e46f8aa075a45b4878bc7c7a1cb6d82b19674b21597cbf53e55b6ea53bbe4e
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 177abdf14fc9c841984a4527118494491755f9154b3595ae679b628ca0bad231
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7B51C561A58683C5EA209711E8587FA23A0FF5478CF80403EEE8DD7B95DEBCE541C708
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3397017480.00007FF682E81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF682E80000, based on PE: true
• Associated: 00000000.00000002.3396989948.00007FF682E80000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3397049276.00007FF682EAB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3397076452.00007FF682EBE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3397076452.00007FF682EC0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3397125800.00007FF682EC2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff682e80000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: MoveWindow$ObjectSelect$DrawReleaseText
                                                                                                                                                                                                                                                  • String ID: P%
                                                                                                                                                                                                                                                  • API String ID: 2147705588-2959514604
                                                                                                                                                                                                                                                  • Opcode ID: 7645c0c2d2fce03d3aab2d1fd33ee4a3925b53edade4cf92fedf68089910dc30
                                                                                                                                                                                                                                                  • Instruction ID: 2aef13ee5708f4007a964cd6f0c3f1fd5307f958b4c54f76f9ac2b5dd0645cbd
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7645c0c2d2fce03d3aab2d1fd33ee4a3925b53edade4cf92fedf68089910dc30
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B4510666614BA1C6D7249F22A01C1BAB7A1FBA8B65F004129EBCF83684DF7CD085CB14
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3397017480.00007FF682E81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF682E80000, based on PE: true
• Associated: 00000000.00000002.3396989948.00007FF682E80000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3397049276.00007FF682EAB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3397076452.00007FF682EBE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3397076452.00007FF682EC0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3397125800.00007FF682EC2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff682e80000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                  • String ID: -$:$f$p$p
                                                                                                                                                                                                                                                  • API String ID: 3215553584-2013873522
                                                                                                                                                                                                                                                  • Opcode ID: c6ac63e3974c66327622d921c1304357062fd3cb2bcbfe9c56688102bfb98152
                                                                                                                                                                                                                                                  • Instruction ID: b23eb27b5e28d1cd0d535fbc22d663079262002749f121b36751b85ee41e3e0b
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c6ac63e3974c66327622d921c1304357062fd3cb2bcbfe9c56688102bfb98152
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B7126272E08143C6FB24AE15D1586B976A1FF40758F94803FE699876C4EFBCE5A4CB08
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3397017480.00007FF682E81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF682E80000, based on PE: true
• Associated: 00000000.00000002.3396989948.00007FF682E80000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3397049276.00007FF682EAB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3397076452.00007FF682EBE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3397076452.00007FF682EC0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3397125800.00007FF682EC2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff682e80000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                  • String ID: f$f$p$p$f
                                                                                                                                                                                                                                                  • API String ID: 3215553584-1325933183
                                                                                                                                                                                                                                                  • Opcode ID: 7160b50ef5c5d9843a5fd5f0d5cd643ebb1f382f7049b3f2f81a6a7c29ab944c
                                                                                                                                                                                                                                                  • Instruction ID: 3b448b94775dd284ed3e00c49c893772784694044053a1d22bd070329e23ee85
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7160b50ef5c5d9843a5fd5f0d5cd643ebb1f382f7049b3f2f81a6a7c29ab944c
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 06128162E0C243C6FB609A55E0487B97261FF41758F84413FE69A8A7C4DFBDE4A0DB18
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3397017480.00007FF682E81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF682E80000, based on PE: true
• Associated: 00000000.00000002.3396989948.00007FF682E80000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3397049276.00007FF682EAB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3397076452.00007FF682EBE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3397076452.00007FF682EC0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3397125800.00007FF682EC2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff682e80000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Message
                                                                                                                                                                                                                                                  • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                                                                                                                                                                                                                  • API String ID: 2030045667-3659356012
                                                                                                                                                                                                                                                  • Opcode ID: 50ef22e55c6d384a611bdd27779cbc563cb6f2ecfb2fcee110ada23eaf159ce0
                                                                                                                                                                                                                                                  • Instruction ID: f4ac239d0bd2433808a40ed7000d75432dec76ba56abd353699a300829cad54a
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 50ef22e55c6d384a611bdd27779cbc563cb6f2ecfb2fcee110ada23eaf159ce0
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C231A261B58683C6EA209B51E4081BA63A0FF147CCF58403EDE8E9BA55EEBCE541D708
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3397017480.00007FF682E81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF682E80000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3396989948.00007FF682E80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3397049276.00007FF682EAB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3397076452.00007FF682EBE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3397076452.00007FF682EC0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3397125800.00007FF682EC2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff682e80000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                                                                                                                                                                                                                  • String ID: csm$csm$csm
                                                                                                                                                                                                                                                  • API String ID: 849930591-393685449
                                                                                                                                                                                                                                                  • Opcode ID: 2b2a4badfdaa60d9abfb93841dcb65d735c0fc58e4118d1b5c2a51383b6331b7
                                                                                                                                                                                                                                                  • Instruction ID: e6ec9abcb091619b00ca26b3a17911cb4e8c706e109b5a978c7f3efbc75245e7
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2b2a4badfdaa60d9abfb93841dcb65d735c0fc58e4118d1b5c2a51383b6331b7
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: FFE18B32A48B81CAEB209B65D4482AD77A0FF45B9CF58013DEE8D97B95DF78E480C704
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • FreeLibrary.KERNEL32(?,?,?,00007FF682E9F56A,?,?,00000231371D9A68,00007FF682E9B317,?,?,?,00007FF682E9B20E,?,?,?,00007FF682E96452), ref: 00007FF682E9F34C
                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,?,?,00007FF682E9F56A,?,?,00000231371D9A68,00007FF682E9B317,?,?,?,00007FF682E9B20E,?,?,?,00007FF682E96452), ref: 00007FF682E9F358
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3397017480.00007FF682E81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF682E80000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3396989948.00007FF682E80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3397049276.00007FF682EAB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3397076452.00007FF682EBE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3397076452.00007FF682EC0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3397125800.00007FF682EC2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff682e80000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: AddressFreeLibraryProc
                                                                                                                                                                                                                                                  • String ID: api-ms-$ext-ms-
                                                                                                                                                                                                                                                  • API String ID: 3013587201-537541572
                                                                                                                                                                                                                                                  • Opcode ID: d2429d82f74935346a71535361e23a0a0fd68cfa18870ede5d154c99e1daa8a5
                                                                                                                                                                                                                                                  • Instruction ID: 757b8b00091504724aa287dfe50c0d0d855c43d15462012dc62837a21655d322
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d2429d82f74935346a71535361e23a0a0fd68cfa18870ede5d154c99e1daa8a5
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3C411161B19A02C1FB16CB16A8082753391BF45BA8F98453EDD0DD77C4EEBCE459C348
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF682E8101D), ref: 00007FF682E88747
                                                                                                                                                                                                                                                  • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF682E8101D), ref: 00007FF682E8879E
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3397017480.00007FF682E81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF682E80000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3396989948.00007FF682E80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3397049276.00007FF682EAB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3397076452.00007FF682EBE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3397076452.00007FF682EC0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3397125800.00007FF682EC2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff682e80000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: ByteCharMultiWide
                                                                                                                                                                                                                                                  • String ID: Failed to encode wchar_t as UTF-8.$Failed to get UTF-8 buffer size.$Out of memory.$WideCharToMultiByte$win32_utils_to_utf8
                                                                                                                                                                                                                                                  • API String ID: 626452242-27947307
                                                                                                                                                                                                                                                  • Opcode ID: eab7300bdb6d3a0e8c37a52e8ffe4b868ba89da5f1b431e459bc38a6420b0676
                                                                                                                                                                                                                                                  • Instruction ID: e2f20b88df25c4faae4f65825bd46e971b9684ce246b9918d7ed34dcb2215faf
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: eab7300bdb6d3a0e8c37a52e8ffe4b868ba89da5f1b431e459bc38a6420b0676
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7D418C32A08A86C2E620CF15A84416AA6A1FF95B98F54413DEE8DC7B94DFBCD051C708
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • WideCharToMultiByte.KERNEL32(?,00007FF682E839EA), ref: 00007FF682E88C31
                                                                                                                                                                                                                                                    • Part of subcall function 00007FF682E829E0: GetLastError.KERNEL32(00000000,00000000,00000000,00007FF682E887F2,?,?,?,?,?,?,?,?,?,?,?,00007FF682E8101D), ref: 00007FF682E82A14
                                                                                                                                                                                                                                                    • Part of subcall function 00007FF682E829E0: MessageBoxW.USER32 ref: 00007FF682E82AF0
                                                                                                                                                                                                                                                  • WideCharToMultiByte.KERNEL32(?,00007FF682E839EA), ref: 00007FF682E88CA5
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3397017480.00007FF682E81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF682E80000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3396989948.00007FF682E80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3397049276.00007FF682EAB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3397076452.00007FF682EBE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3397076452.00007FF682EC0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3397125800.00007FF682EC2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff682e80000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: ByteCharMultiWide$ErrorLastMessage
                                                                                                                                                                                                                                                  • String ID: Failed to encode wchar_t as UTF-8.$Failed to get UTF-8 buffer size.$Out of memory.$WideCharToMultiByte$win32_utils_to_utf8
                                                                                                                                                                                                                                                  • API String ID: 3723044601-27947307
                                                                                                                                                                                                                                                  • Opcode ID: 2e1636658b28b01bd5fed9df7358174580d9369d5f4c6a29190667afae102fd2
                                                                                                                                                                                                                                                  • Instruction ID: 9be042ccffa08925bc25e9f4671b608a6862fa0ee803cf2eab949824628cc992
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2e1636658b28b01bd5fed9df7358174580d9369d5f4c6a29190667afae102fd2
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 81218531609B46C5E710DF16A8480797661FF95B88B58413DDA8ED3794DFBCE541C308
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3397017480.00007FF682E81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF682E80000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3396989948.00007FF682E80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3397049276.00007FF682EAB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3397076452.00007FF682EBE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3397076452.00007FF682EC0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3397125800.00007FF682EC2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff682e80000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo$_fread_nolock
                                                                                                                                                                                                                                                  • String ID: %s%c%s$ERROR: file already exists but should not: %s$PYINSTALLER_STRICT_UNPACK_MODE$WARNING: file already exists but should not: %s$\
                                                                                                                                                                                                                                                  • API String ID: 3231891352-3501660386
                                                                                                                                                                                                                                                  • Opcode ID: 0c183e133c5fbc1ffe3f319d699f8627423da4d6d465f0011bb75cd22a0eadb8
                                                                                                                                                                                                                                                  • Instruction ID: ff4052228131bcaf76cbe246d5130eefdb4d41d256ec14ba0c439c15a30bc227
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0c183e133c5fbc1ffe3f319d699f8627423da4d6d465f0011bb75cd22a0eadb8
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 75519224A4D643D1FA109725D99C2F952917F95B88F88003DED8DC77D6EEECE500C348
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                    • Part of subcall function 00007FF682E88AE0: MultiByteToWideChar.KERNEL32(?,?,?,?,?,00007FF682E82ABB), ref: 00007FF682E88B1A
                                                                                                                                                                                                                                                  • ExpandEnvironmentStringsW.KERNEL32(00000000,00007FF682E879A1,00000000,?,00000000,00000000,?,00007FF682E8154F), ref: 00007FF682E8747F
                                                                                                                                                                                                                                                    • Part of subcall function 00007FF682E82B30: MessageBoxW.USER32 ref: 00007FF682E82C05
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  • LOADER: Failed to convert runtime-tmpdir to a wide string., xrefs: 00007FF682E87456
                                                                                                                                                                                                                                                  • LOADER: Failed to obtain the absolute path of the runtime-tmpdir., xrefs: 00007FF682E874DA
                                                                                                                                                                                                                                                  • LOADER: Failed to expand environment variables in the runtime-tmpdir., xrefs: 00007FF682E87493
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3397017480.00007FF682E81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF682E80000, based on PE: true
                                                                                                                                                                                                                                                   • Associated: 00000000.00000002.3396989948.00007FF682E80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                   • Associated: 00000000.00000002.3397049276.00007FF682EAB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                   • Associated: 00000000.00000002.3397076452.00007FF682EBE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                   • Associated: 00000000.00000002.3397076452.00007FF682EC0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                   • Associated: 00000000.00000002.3397125800.00007FF682EC2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff682e80000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: ByteCharEnvironmentExpandMessageMultiStringsWide
                                                                                                                                                                                                                                                  • String ID: LOADER: Failed to convert runtime-tmpdir to a wide string.$LOADER: Failed to expand environment variables in the runtime-tmpdir.$LOADER: Failed to obtain the absolute path of the runtime-tmpdir.
                                                                                                                                                                                                                                                  • API String ID: 1662231829-3498232454
                                                                                                                                                                                                                                                  • Opcode ID: 5e8575f0beacdb372a81e9debe9bb6d766e8e255e7029f60019f70bf69282784
                                                                                                                                                                                                                                                  • Instruction ID: 2f4e7860266e6245bc1c66aa70d42cf987e2b7b6d61590983902a88a7255dbbb
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5e8575f0beacdb372a81e9debe9bb6d766e8e255e7029f60019f70bf69282784
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3F318955F5D782D0FB209721D59D3BA5291BF987C8F44443EDA8EC2BD6EEACE104C608
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • LoadLibraryExW.KERNEL32(?,?,?,00007FF682E8E06A,?,?,?,00007FF682E8DD5C,?,?,00000001,00007FF682E8D979), ref: 00007FF682E8DE3D
                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,00007FF682E8E06A,?,?,?,00007FF682E8DD5C,?,?,00000001,00007FF682E8D979), ref: 00007FF682E8DE4B
                                                                                                                                                                                                                                                  • LoadLibraryExW.KERNEL32(?,?,?,00007FF682E8E06A,?,?,?,00007FF682E8DD5C,?,?,00000001,00007FF682E8D979), ref: 00007FF682E8DE75
                                                                                                                                                                                                                                                  • FreeLibrary.KERNEL32(?,?,?,00007FF682E8E06A,?,?,?,00007FF682E8DD5C,?,?,00000001,00007FF682E8D979), ref: 00007FF682E8DEBB
                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,?,?,00007FF682E8E06A,?,?,?,00007FF682E8DD5C,?,?,00000001,00007FF682E8D979), ref: 00007FF682E8DEC7
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3397017480.00007FF682E81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF682E80000, based on PE: true
                                                                                                                                                                                                                                                   • Associated: 00000000.00000002.3396989948.00007FF682E80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                   • Associated: 00000000.00000002.3397049276.00007FF682EAB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                   • Associated: 00000000.00000002.3397076452.00007FF682EBE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                   • Associated: 00000000.00000002.3397076452.00007FF682EC0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                   • Associated: 00000000.00000002.3397125800.00007FF682EC2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff682e80000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Library$Load$AddressErrorFreeLastProc
                                                                                                                                                                                                                                                  • String ID: api-ms-
                                                                                                                                                                                                                                                  • API String ID: 2559590344-2084034818
                                                                                                                                                                                                                                                  • Opcode ID: fa40dd5a34ae4d0b6736a9b6b46f8404287a490a05e4db78c585315ae40f634e
                                                                                                                                                                                                                                                  • Instruction ID: f9aab01c52e71de5fd17b5dff0661c54f1821f5409f63ccb3f3c35a3808c1d58
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: fa40dd5a34ae4d0b6736a9b6b46f8404287a490a05e4db78c585315ae40f634e
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1F31C522E5AB42D1EE61DB12A80857923D4FF68BA8F59053DDD9E97780DFBCE440C308
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(?,?,?,?,?,00007FF682E82ABB), ref: 00007FF682E88B1A
                                                                                                                                                                                                                                                    • Part of subcall function 00007FF682E829E0: GetLastError.KERNEL32(00000000,00000000,00000000,00007FF682E887F2,?,?,?,?,?,?,?,?,?,?,?,00007FF682E8101D), ref: 00007FF682E82A14
                                                                                                                                                                                                                                                    • Part of subcall function 00007FF682E829E0: MessageBoxW.USER32 ref: 00007FF682E82AF0
                                                                                                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(?,?,?,?,?,00007FF682E82ABB), ref: 00007FF682E88BA0
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3397017480.00007FF682E81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF682E80000, based on PE: true
                                                                                                                                                                                                                                                   • Associated: 00000000.00000002.3396989948.00007FF682E80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                   • Associated: 00000000.00000002.3397049276.00007FF682EAB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                   • Associated: 00000000.00000002.3397076452.00007FF682EBE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                   • Associated: 00000000.00000002.3397076452.00007FF682EC0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                   • Associated: 00000000.00000002.3397125800.00007FF682EC2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff682e80000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: ByteCharMultiWide$ErrorLastMessage
                                                                                                                                                                                                                                                  • String ID: Failed to decode wchar_t from UTF-8$Failed to get wchar_t buffer size.$MultiByteToWideChar$Out of memory.$win32_utils_from_utf8
                                                                                                                                                                                                                                                  • API String ID: 3723044601-876015163
                                                                                                                                                                                                                                                  • Opcode ID: e9f73450c241f9258fe7f7d1ce7d786b1826e77a4ef85916bb6afda639b6a0a1
                                                                                                                                                                                                                                                  • Instruction ID: 0c024d66c9f50892070b2816f775577f9850d7531ca67a7e93c7e56f20bee802
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e9f73450c241f9258fe7f7d1ce7d786b1826e77a4ef85916bb6afda639b6a0a1
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 22217366B08A42C1EB50CB15F804169A3A1FF957C8F58423DDB8DD3BA9EF6CD541C708
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3397017480.00007FF682E81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF682E80000, based on PE: true
                                                                                                                                                                                                                                                   • Associated: 00000000.00000002.3396989948.00007FF682E80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                   • Associated: 00000000.00000002.3397049276.00007FF682EAB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                   • Associated: 00000000.00000002.3397076452.00007FF682EBE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                   • Associated: 00000000.00000002.3397076452.00007FF682EC0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                   • Associated: 00000000.00000002.3397125800.00007FF682EC2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff682e80000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Value$ErrorLast
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2506987500-0
                                                                                                                                                                                                                                                  • Opcode ID: 5e25a57dc3899cb5d9e1114fbc8c557aa55031a2469902f6cab5e8a78f8e35b9
                                                                                                                                                                                                                                                  • Instruction ID: 220a3be72eba34e4fa41b67c24b4b90bd802b194b94ef3eb7cfa581c3fbf69a1
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5e25a57dc3899cb5d9e1114fbc8c557aa55031a2469902f6cab5e8a78f8e35b9
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 77218E64A0C342C1FA68A771565D17A62527F447B8F54073EE83ED6BC7DEECA821C608
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3397017480.00007FF682E81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF682E80000, based on PE: true
• Associated: 00000000.00000002.3396989948.00007FF682E80000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3397049276.00007FF682EAB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3397076452.00007FF682EBE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3397076452.00007FF682EC0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3397125800.00007FF682EC2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff682e80000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                                                                                                                                                                                                                  • String ID: CONOUT$
                                                                                                                                                                                                                                                  • API String ID: 3230265001-3130406586
                                                                                                                                                                                                                                                  • Opcode ID: 47774de373198f8681994077b4026dd9a590ed4534763da2009e0dd4878e84a9
                                                                                                                                                                                                                                                  • Instruction ID: f98378314f74437ed29084499fd3454eb112e308333751e61a5a31ce727514ca
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 47774de373198f8681994077b4026dd9a590ed4534763da2009e0dd4878e84a9
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 29118161A18B41C6F7508B46E85832966B0FFA8BE8F44023CDA5ED77A4CFBCD444C748
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,00007FF682E954CD,?,?,?,?,00007FF682E9F1BF,?,?,00000000,00007FF682E9B9A6,?,?,?), ref: 00007FF682E9B897
                                                                                                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF682E954CD,?,?,?,?,00007FF682E9F1BF,?,?,00000000,00007FF682E9B9A6,?,?,?), ref: 00007FF682E9B8CD
                                                                                                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF682E954CD,?,?,?,?,00007FF682E9F1BF,?,?,00000000,00007FF682E9B9A6,?,?,?), ref: 00007FF682E9B8FA
                                                                                                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF682E954CD,?,?,?,?,00007FF682E9F1BF,?,?,00000000,00007FF682E9B9A6,?,?,?), ref: 00007FF682E9B90B
                                                                                                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF682E954CD,?,?,?,?,00007FF682E9F1BF,?,?,00000000,00007FF682E9B9A6,?,?,?), ref: 00007FF682E9B91C
                                                                                                                                                                                                                                                  • SetLastError.KERNEL32(?,?,?,00007FF682E954CD,?,?,?,?,00007FF682E9F1BF,?,?,00000000,00007FF682E9B9A6,?,?,?), ref: 00007FF682E9B937
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3397017480.00007FF682E81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF682E80000, based on PE: true
• Associated: 00000000.00000002.3396989948.00007FF682E80000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3397049276.00007FF682EAB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3397076452.00007FF682EBE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3397076452.00007FF682EC0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3397125800.00007FF682EC2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff682e80000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Value$ErrorLast
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2506987500-0
                                                                                                                                                                                                                                                  • Opcode ID: 941158fb4e6d3a9375e13d6d10033e8ffcdbbced4d4dd5e625aa307a16b34608
                                                                                                                                                                                                                                                  • Instruction ID: 2ec04fc622f0de3efa8ad2994205c21b5ce4b18cf417155aed6fe73ace899a80
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 941158fb4e6d3a9375e13d6d10033e8ffcdbbced4d4dd5e625aa307a16b34608
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 781181A0E0C742C5F7289771554D17922517F487B8F54073ED83ED67C6DEACA421C708
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3397017480.00007FF682E81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF682E80000, based on PE: true
• Associated: 00000000.00000002.3396989948.00007FF682E80000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3397049276.00007FF682EAB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3397076452.00007FF682EBE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3397076452.00007FF682EC0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3397125800.00007FF682EC2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff682e80000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: CurrentImageNonwritableUnwind__except_validate_context_record
                                                                                                                                                                                                                                                  • String ID: csm$f
                                                                                                                                                                                                                                                  • API String ID: 2395640692-629598281
                                                                                                                                                                                                                                                  • Opcode ID: c8f7f253a213423ff5db8842e39d1181b4fa0cc0edf0f0e27fe70a45a9ca17df
                                                                                                                                                                                                                                                  • Instruction ID: 7fddbde1559668f4762a270dbc047662b4ac2f0a6931c50a0092c494aae39b16
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c8f7f253a213423ff5db8842e39d1181b4fa0cc0edf0f0e27fe70a45a9ca17df
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: EC51A332A59642CADB15DB25E408A293795FF40B9CF51813CDADE87B48DFF8E941C708
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3397017480.00007FF682E81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF682E80000, based on PE: true
• Associated: 00000000.00000002.3396989948.00007FF682E80000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3397049276.00007FF682EAB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3397076452.00007FF682EBE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3397076452.00007FF682EC0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3397125800.00007FF682EC2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff682e80000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: DeleteDestroyDialogHandleIconIndirectModuleObjectParam
                                                                                                                                                                                                                                                  • String ID: Unhandled exception in script
                                                                                                                                                                                                                                                  • API String ID: 3081866767-2699770090
                                                                                                                                                                                                                                                  • Opcode ID: ef2f79dabe8b940bf64869f24e404b0ac86445532df2e67e8084f44f9f65f5c2
                                                                                                                                                                                                                                                  • Instruction ID: cd4ffd9716e4e86e65e28853f788ff3beb80f7429db6fc6a9a01da43fbc77b9f
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ef2f79dabe8b940bf64869f24e404b0ac86445532df2e67e8084f44f9f65f5c2
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: AB316372A19A82C9EB24DF61E8592F96360FF88788F44413EEA8E87B55DF7CD105C704
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(00000000,00000000,00000000,00007FF682E887F2,?,?,?,?,?,?,?,?,?,?,?,00007FF682E8101D), ref: 00007FF682E82A14
                                                                                                                                                                                                                                                    • Part of subcall function 00007FF682E88560: GetLastError.KERNEL32(00000000,00007FF682E82A5E,?,?,?,?,?,?,?,?,?,?,?,00007FF682E8101D), ref: 00007FF682E88587
                                                                                                                                                                                                                                                    • Part of subcall function 00007FF682E88560: FormatMessageW.KERNEL32 ref: 00007FF682E885B6
                                                                                                                                                                                                                                                    • Part of subcall function 00007FF682E88AE0: MultiByteToWideChar.KERNEL32(?,?,?,?,?,00007FF682E82ABB), ref: 00007FF682E88B1A
                                                                                                                                                                                                                                                  • MessageBoxW.USER32 ref: 00007FF682E82AF0
                                                                                                                                                                                                                                                  • MessageBoxA.USER32 ref: 00007FF682E82B0C
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3397017480.00007FF682E81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF682E80000, based on PE: true
• Associated: 00000000.00000002.3396989948.00007FF682E80000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3397049276.00007FF682EAB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3397076452.00007FF682EBE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3397076452.00007FF682EC0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3397125800.00007FF682EC2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff682e80000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Message$ErrorLast$ByteCharFormatMultiWide
                                                                                                                                                                                                                                                  • String ID: %s%s: %s$Fatal error detected
                                                                                                                                                                                                                                                  • API String ID: 2806210788-2410924014
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3397017480.00007FF682E81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF682E80000, based on PE: true
• Associated: 00000000.00000002.3396989948.00007FF682E80000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3397049276.00007FF682EAB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3397076452.00007FF682EBE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3397076452.00007FF682EC0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3397125800.00007FF682EC2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff682e80000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                                                                  • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                                                                                  • API String ID: 4061214504-1276376045
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3397017480.00007FF682E81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF682E80000, based on PE: true
• Associated: 00000000.00000002.3396989948.00007FF682E80000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3397049276.00007FF682EAB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3397076452.00007FF682EBE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3397076452.00007FF682EC0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3397125800.00007FF682EC2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff682e80000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: _set_statfp
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1156100317-0
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • FlsGetValue.KERNEL32(?,?,?,00007FF682E9AB67,?,?,00000000,00007FF682E9AE02,?,?,?,?,?,00007FF682E930CC), ref: 00007FF682E9B96F
                                                                                                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF682E9AB67,?,?,00000000,00007FF682E9AE02,?,?,?,?,?,00007FF682E930CC), ref: 00007FF682E9B98E
                                                                                                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF682E9AB67,?,?,00000000,00007FF682E9AE02,?,?,?,?,?,00007FF682E930CC), ref: 00007FF682E9B9B6
                                                                                                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF682E9AB67,?,?,00000000,00007FF682E9AE02,?,?,?,?,?,00007FF682E930CC), ref: 00007FF682E9B9C7
                                                                                                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF682E9AB67,?,?,00000000,00007FF682E9AE02,?,?,?,?,?,00007FF682E930CC), ref: 00007FF682E9B9D8
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3397017480.00007FF682E81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF682E80000, based on PE: true
• Associated: 00000000.00000002.3396989948.00007FF682E80000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3397049276.00007FF682EAB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3397076452.00007FF682EBE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3397076452.00007FF682EC0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3397125800.00007FF682EC2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff682e80000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Value
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 3702945584-0
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3397017480.00007FF682E81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF682E80000, based on PE: true
• Associated: 00000000.00000002.3396989948.00007FF682E80000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3397049276.00007FF682EAB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3397076452.00007FF682EBE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3397076452.00007FF682EC0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3397125800.00007FF682EC2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff682e80000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Value
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 3702945584-0
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3397017480.00007FF682E81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF682E80000, based on PE: true
• Associated: 00000000.00000002.3396989948.00007FF682E80000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3397049276.00007FF682EAB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3397076452.00007FF682EBE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3397076452.00007FF682EC0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3397125800.00007FF682EC2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff682e80000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                  • String ID: verbose
                                                                                                                                                                                                                                                  • API String ID: 3215553584-579935070
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
• Source File: 00000000.00000002.3397017480.00007FF682E81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF682E80000, based on PE: true
• Associated: 00000000.00000002.3396989948.00007FF682E80000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3397049276.00007FF682EAB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3397076452.00007FF682EBE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3397076452.00007FF682EC0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3397125800.00007FF682EC2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff682e80000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                  • String ID: UTF-16LEUNICODE$UTF-8$ccs
                                                                                                                                                                                                                                                  • API String ID: 3215553584-1196891531
                                                                                                                                                                                                                                                  • Opcode ID: 1a54e2a2b62d6839c513ace75884cea9e48035532f3c44be9a18c4b4dcf643eb
                                                                                                                                                                                                                                                  • Instruction ID: 1fb315f0a2b896398d3c8796757de083669acf6c9b833588fa36be05cd2613d6
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1a54e2a2b62d6839c513ace75884cea9e48035532f3c44be9a18c4b4dcf643eb
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 54819F72D08202C5E7659E29C21837836F0BF61B8CF55803DEA0BE7695DEBDE801DA49
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: CallEncodePointerTranslator
                                                                                                                                                                                                                                                  • String ID: MOC$RCC
                                                                                                                                                                                                                                                  • API String ID: 3544855599-2084237596
                                                                                                                                                                                                                                                  • Opcode ID: 37ce56c1d967fba8f41503b71a699ba51a6fbc199d8f022e66d4a2d7a57293db
                                                                                                                                                                                                                                                  • Instruction ID: 82f1baf2c4ee84bb27a4942a8601526b91148da9f39a3919c076ba3e4ed7ac01
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 37ce56c1d967fba8f41503b71a699ba51a6fbc199d8f022e66d4a2d7a57293db
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 59617932A08A45CAE7208F65D4843BD77A0FB58B8CF444229EE8D97B99DFB8E155C704
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
                                                                                                                                                                                                                                                  • String ID: csm$csm
                                                                                                                                                                                                                                                  • API String ID: 3896166516-3733052814
                                                                                                                                                                                                                                                  • Opcode ID: 80d5d2ed719ea387a00afc8e5c38e85421d4b0de11d669121429011e6c75d481
                                                                                                                                                                                                                                                  • Instruction ID: c0a9ca5c6a14d1934ff016c3c494b962dca7344afe331f16570c62ad7a042d51
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 80d5d2ed719ea387a00afc8e5c38e85421d4b0de11d669121429011e6c75d481
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 49517B72948282C6EA748F11954827877A0FF54B98F94413EDADDC7AD5DFBCE850CB08
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Message$ByteCharMultiWide
                                                                                                                                                                                                                                                  • String ID: %s%s: %s$Fatal error detected
                                                                                                                                                                                                                                                  • API String ID: 1878133881-2410924014
                                                                                                                                                                                                                                                  • Opcode ID: e8e3c511841a02337865787422672dc7088828a74b651abb3bad42d47e8d3758
                                                                                                                                                                                                                                                  • Instruction ID: 59c0c95499f01e5559a809adddcf1733d7fb6473aa03d23ff210239ec72ab7bf
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e8e3c511841a02337865787422672dc7088828a74b651abb3bad42d47e8d3758
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E2318372628A81C1E630DB10E4556EA6364FF947C8F80413EEACD97A99DFBCD305CB48
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • GetModuleFileNameW.KERNEL32(?,00007FF682E839EA), ref: 00007FF682E83EF1
                                                                                                                                                                                                                                                    • Part of subcall function 00007FF682E829E0: GetLastError.KERNEL32(00000000,00000000,00000000,00007FF682E887F2,?,?,?,?,?,?,?,?,?,?,?,00007FF682E8101D), ref: 00007FF682E82A14
                                                                                                                                                                                                                                                    • Part of subcall function 00007FF682E829E0: MessageBoxW.USER32 ref: 00007FF682E82AF0
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: ErrorFileLastMessageModuleName
                                                                                                                                                                                                                                                  • String ID: Failed to convert executable path to UTF-8.$Failed to get executable path.$GetModuleFileNameW
                                                                                                                                                                                                                                                  • API String ID: 2581892565-1977442011
                                                                                                                                                                                                                                                  • Opcode ID: 227eff0bc0a0d80c8f8e7ebb06cca3199172163df290dc8daf9e61b6ec9130a6
                                                                                                                                                                                                                                                  • Instruction ID: 452f24192cfeb73a2be44c132cf8a1f634eb1056769de1ff971a51f556739d1c
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 227eff0bc0a0d80c8f8e7ebb06cca3199172163df290dc8daf9e61b6ec9130a6
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 10017561B6D646C0FA609721D85E3F553A17F5C78CF80043ED88EC62A2EE9CE105C708
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3397017480.00007FF682E81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF682E80000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3396989948.00007FF682E80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3397049276.00007FF682EAB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3397076452.00007FF682EBE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3397076452.00007FF682EC0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3397125800.00007FF682EC2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff682e80000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: FileWrite$ConsoleErrorLastOutput
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2718003287-0
                                                                                                                                                                                                                                                  • Opcode ID: 9513e67bca3e1584d4e6c680d6c879e0cc2bad3dff94493eb0c92e1d92f8606a
                                                                                                                                                                                                                                                  • Instruction ID: 6f65d8fae5b209d9ba443daeea66b7f9e03a54ccf18a97869473decf08bd672b
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9513e67bca3e1584d4e6c680d6c879e0cc2bad3dff94493eb0c92e1d92f8606a
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C7D1FF72B18A81C9E710CF65D4442AC3BB1FB58B9CB04523EDE5EA7B99DE78D416C304
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3397017480.00007FF682E81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF682E80000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3396989948.00007FF682E80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3397049276.00007FF682EAB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3397076452.00007FF682EBE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3397076452.00007FF682EC0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3397125800.00007FF682EC2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff682e80000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: LongWindow$DialogInvalidateRect
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1956198572-0
                                                                                                                                                                                                                                                  • Opcode ID: ecac84c754e5eddc26d74cef75c58701df5fcac281216c238072f9f7c8686c02
                                                                                                                                                                                                                                                  • Instruction ID: f432ac824f25ca7a5b76e9d051319c330f336b7ec9b2b97ae95e3c43c1729574
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ecac84c754e5eddc26d74cef75c58701df5fcac281216c238072f9f7c8686c02
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8E110C61E58183C2FB54976AF55C2B912A1FF94B85F44803DEA8947B8DCDFCD4C5C608
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3397017480.00007FF682E81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF682E80000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3396989948.00007FF682E80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3397049276.00007FF682EAB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3397076452.00007FF682EBE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3397076452.00007FF682EC0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3397125800.00007FF682EC2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff682e80000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: _get_daylight$_invalid_parameter_noinfo
                                                                                                                                                                                                                                                  • String ID: ?
                                                                                                                                                                                                                                                  • API String ID: 1286766494-1684325040
                                                                                                                                                                                                                                                  • Opcode ID: 17ef38b8e319b62c4683ba5c2bd00e0c19603a4e78082bfdfdcdf9d98f8fed33
                                                                                                                                                                                                                                                  • Instruction ID: a05a97147a5e824bfa1b5b50f62dc98a27e6ce4b483d8defb10517a0b84d3e27
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 17ef38b8e319b62c4683ba5c2bd00e0c19603a4e78082bfdfdcdf9d98f8fed33
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DB411712A18282C2FB209B25D40937A56B0FFA1BACF14423DEF6E96AD5DE7CD442C704
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • _invalid_parameter_noinfo.LIBCMT ref: 00007FF682E995D6
                                                                                                                                                                                                                                                    • Part of subcall function 00007FF682E9AF0C: RtlFreeHeap.NTDLL(?,?,?,00007FF682EA3392,?,?,?,00007FF682EA33CF,?,?,00000000,00007FF682EA3895,?,?,00000000,00007FF682EA37C7), ref: 00007FF682E9AF22
                                                                                                                                                                                                                                                    • Part of subcall function 00007FF682E9AF0C: GetLastError.KERNEL32(?,?,?,00007FF682EA3392,?,?,?,00007FF682EA33CF,?,?,00000000,00007FF682EA3895,?,?,00000000,00007FF682EA37C7), ref: 00007FF682E9AF2C
                                                                                                                                                                                                                                                  • GetModuleFileNameW.KERNEL32(?,?,?,?,?,00007FF682E8BFE5), ref: 00007FF682E995F4
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3397017480.00007FF682E81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF682E80000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3396989948.00007FF682E80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3397049276.00007FF682EAB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3397076452.00007FF682EBE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3397076452.00007FF682EC0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3397125800.00007FF682EC2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff682e80000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: ErrorFileFreeHeapLastModuleName_invalid_parameter_noinfo
                                                                                                                                                                                                                                                  • String ID: C:\Users\user\Desktop\7EznMik8Fw.exe
                                                                                                                                                                                                                                                  • API String ID: 3580290477-3256252632
                                                                                                                                                                                                                                                  • Opcode ID: 72bea691884ec75b0bcc04dadd89fc5e2ba2839e886db2c4c4036b89f533388c
                                                                                                                                                                                                                                                  • Instruction ID: 170ac1d51c811683a80ed14c7d3e130f49cc6da5503d74b78fdcdd4c098a554e
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 72bea691884ec75b0bcc04dadd89fc5e2ba2839e886db2c4c4036b89f533388c
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D0418172A08752C6EB64DF25D4441B93794FF84B88B54403EE94E87B85DF7DE4A1C308
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3397017480.00007FF682E81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF682E80000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3396989948.00007FF682E80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3397049276.00007FF682EAB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3397076452.00007FF682EBE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3397076452.00007FF682EC0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3397125800.00007FF682EC2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff682e80000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: ErrorFileLastWrite
                                                                                                                                                                                                                                                  • String ID: U
                                                                                                                                                                                                                                                  • API String ID: 442123175-4171548499
                                                                                                                                                                                                                                                  • Opcode ID: c155d3c2efe6fcc9017d536d5590e74356888db1e245345eaaebbd58f2ba0871
                                                                                                                                                                                                                                                  • Instruction ID: 58ae286e331e98c654f20b30a78a65dbb14fb4e769634a52b0f6f879c93f92f8
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c155d3c2efe6fcc9017d536d5590e74356888db1e245345eaaebbd58f2ba0871
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D441D262A18A51C1EB20DF65E4483A967A0FF98B98F80403EEE8DC7798DFBCD451C704
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3397017480.00007FF682E81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF682E80000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3396989948.00007FF682E80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3397049276.00007FF682EAB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3397076452.00007FF682EBE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3397076452.00007FF682EC0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3397125800.00007FF682EC2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff682e80000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: CurrentDirectory
                                                                                                                                                                                                                                                  • String ID: :
                                                                                                                                                                                                                                                  • API String ID: 1611563598-336475711
                                                                                                                                                                                                                                                  • Opcode ID: 4482f0b2aa88d097fa4b172b4d0b9d8fa621ceaf6a6e580bcf5a02da10cef38f
                                                                                                                                                                                                                                                  • Instruction ID: c98ba5eb37b6aacbc78e7966bf7700c03a85d41824dc8bd77950793dfe956a56
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4482f0b2aa88d097fa4b172b4d0b9d8fa621ceaf6a6e580bcf5a02da10cef38f
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9521E162A08681C5EB209B15D05D26D73B1FF84B4CF95803EDA9D832C4DFBCE955C749
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3397017480.00007FF682E81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF682E80000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3396989948.00007FF682E80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3397049276.00007FF682EAB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3397076452.00007FF682EBE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3397076452.00007FF682EC0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3397125800.00007FF682EC2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff682e80000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Message$ByteCharMultiWide
                                                                                                                                                                                                                                                  • String ID: Error detected
                                                                                                                                                                                                                                                  • API String ID: 1878133881-3513342764
                                                                                                                                                                                                                                                  • Opcode ID: 93d1fdc723546ae567f8218d0d5003b65100b09b9274e520b1b2c374812bf196
                                                                                                                                                                                                                                                  • Instruction ID: 2e7072edf530e11c62268c5a8f3f2578b83af53d55d257adf342c532a607f0fc
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 93d1fdc723546ae567f8218d0d5003b65100b09b9274e520b1b2c374812bf196
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: AD21B772628A85D1EB20D710F4946EA6364FF9478CF80113EE68D97AA5DFBCD205C704
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3397017480.00007FF682E81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF682E80000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3396989948.00007FF682E80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3397049276.00007FF682EAB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3397076452.00007FF682EBE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3397076452.00007FF682EC0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3397125800.00007FF682EC2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff682e80000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Message$ByteCharMultiWide
                                                                                                                                                                                                                                                  • String ID: Fatal error detected
                                                                                                                                                                                                                                                  • API String ID: 1878133881-4025702859
                                                                                                                                                                                                                                                  • Opcode ID: 63802d79dfeaf9ba572d8d5d5ffec4a1fc362ac500ecb438f71a9def6701a566
                                                                                                                                                                                                                                                  • Instruction ID: b31540b1f9e6f8a79bc507550bbe3ec3e73c0a8f1e599e302f2cc162711f8ae2
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 63802d79dfeaf9ba572d8d5d5ffec4a1fc362ac500ecb438f71a9def6701a566
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D821A372628A85C1EB20DB10F4546EA6364FF9478CF80113EEA8D97AA5DFBCD205CB04
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3397017480.00007FF682E81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF682E80000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3396989948.00007FF682E80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3397049276.00007FF682EAB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3397076452.00007FF682EBE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3397076452.00007FF682EC0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3397125800.00007FF682EC2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff682e80000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: ExceptionFileHeaderRaise
                                                                                                                                                                                                                                                  • String ID: csm
                                                                                                                                                                                                                                                  • API String ID: 2573137834-1018135373
                                                                                                                                                                                                                                                  • Opcode ID: 010ed9957d99c3a93ebfd805af8ad73f2bfdfbf7bf3eba5be717857b77bb313e
                                                                                                                                                                                                                                                  • Instruction ID: f982595eee408fdcdb465e14937998d5d83c4d54744a23e0cf94c391ffe2bf3c
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 010ed9957d99c3a93ebfd805af8ad73f2bfdfbf7bf3eba5be717857b77bb313e
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B5113732618B4182EB608B15F45426977A0FB98B98F584239DACD87799EF7CC551CB04
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3397017480.00007FF682E81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF682E80000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3396989948.00007FF682E80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3397049276.00007FF682EAB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3397076452.00007FF682EBE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3397076452.00007FF682EC0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3397125800.00007FF682EC2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff682e80000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: DriveType_invalid_parameter_noinfo
                                                                                                                                                                                                                                                  • String ID: :
                                                                                                                                                                                                                                                  • API String ID: 2595371189-336475711
                                                                                                                                                                                                                                                  • Opcode ID: d56ef0e9341907a819310a39eb36239c8511962549d77217a4abb3fc68a978d5
                                                                                                                                                                                                                                                  • Instruction ID: 96f8bfc1130e00cf3c76d85ea56d63f0d9fda8a5b5418348fd3b2279374bf588
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d56ef0e9341907a819310a39eb36239c8511962549d77217a4abb3fc68a978d5
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: FE014F6191C246C6FB60AF60D4692BE63A0FF9470DF84003ED54ED6691DFBCE944CA18

                                                                                                                                                                                                                                                  Execution Graph

                                                                                                                                                                                                                                                  Execution Coverage:0.5%
                                                                                                                                                                                                                                                  Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                                  Signature Coverage:32%
                                                                                                                                                                                                                                                  Total number of Nodes:362
                                                                                                                                                                                                                                                  Total number of Limit Nodes:40
81944->81942 81945->81942 81945->81944 81946 7ffd938e1992 81947 7ffd938fd300 81946->81947 81948 7ffd938fd363 81947->81948 81949 7ffd938fd32f ERR_new ERR_set_debug ERR_set_error 81947->81949 81985 7ffd938e1087 81948->81985 81950 7ffd938fd35c 81949->81950 81952 7ffd938fd36f 81952->81950 81953 7ffd938fd381 ERR_new ERR_set_debug ERR_set_error 81952->81953 81954 7ffd938fd3ff CRYPTO_zalloc 81952->81954 81955 7ffd938fd3af ERR_new ERR_set_debug 81953->81955 81954->81955 81956 7ffd938fd41e CRYPTO_THREAD_lock_new 81954->81956 81959 7ffd938fd3d1 ERR_set_error 81955->81959 81957 7ffd938fd439 ERR_new ERR_set_debug ERR_set_error CRYPTO_free 81956->81957 81958 7ffd938fd481 81956->81958 81957->81950 81960 7ffd938fd489 CRYPTO_strdup 81958->81960 81961 7ffd938fd4ae 81958->81961 81959->81950 81960->81955 81960->81961 81961->81955 81962 7ffd938fd502 OPENSSL_LH_new 81961->81962 81962->81955 81963 7ffd938fd522 X509_STORE_new 81962->81963 81963->81955 81964 7ffd938fd534 CTLOG_STORE_new_ex 81963->81964 81964->81955 81965 7ffd938fd54f 81964->81965 81965->81950 81995 7ffd938e1361 7 API calls 81965->81995 81967 7ffd938fd567 81967->81950 81967->81955 81968 7ffd938fd5ca OPENSSL_sk_num 81967->81968 81969 7ffd938fd786 ERR_new ERR_set_debug 81967->81969 81968->81969 81970 7ffd938fd5db X509_VERIFY_PARAM_new 81968->81970 81969->81959 81970->81955 81971 7ffd938fd5f0 81970->81971 81972 7ffd938fd617 OPENSSL_sk_new_null 81971->81972 81972->81955 81973 7ffd938fd633 OPENSSL_sk_new_null 81972->81973 81973->81955 81974 7ffd938fd648 CRYPTO_new_ex_data 81973->81974 81974->81955 81975 7ffd938fd664 CRYPTO_secure_zalloc 81974->81975 81975->81955 81976 7ffd938fd68b 81975->81976 81977 7ffd938fd6a4 RAND_bytes_ex 81976->81977 81996 7ffd938e12cb CRYPTO_THREAD_run_once 81976->81996 81979 7ffd938fd70c 81977->81979 81980 7ffd938fd6d4 RAND_priv_bytes_ex 81977->81980 81981 7ffd938fd717 RAND_priv_bytes_ex 81979->81981 81980->81979 81983 7ffd938fd6ee RAND_priv_bytes_ex 81980->81983 81981->81955 81984 7ffd938fd735 
81981->81984 81982 7ffd938fd69d 81982->81977 81983->81979 81983->81981 81984->81950 81984->81955 81985->81952 81986 7ffd938fb730 81985->81986 81987 7ffd938fb74c 81986->81987 81990 7ffd938fb79a 81986->81990 81988 7ffd938fb755 ERR_new ERR_set_debug ERR_set_error 81987->81988 81989 7ffd938fb78d 81987->81989 81988->81989 81989->81952 81990->81989 81991 7ffd938fb806 81990->81991 81992 7ffd938fb7e4 CRYPTO_THREAD_run_once 81990->81992 81993 7ffd938fb83e 81991->81993 81994 7ffd938fb80d CRYPTO_THREAD_run_once 81991->81994 81992->81989 81992->81991 81993->81952 81994->81952 81995->81967 81996->81982 81997 7ffd938e14f1 81998 7ffd939276e0 81997->81998 81999 7ffd939277b6 81998->81999 82000 7ffd93927798 memmove 81998->82000 82001 7ffd939277d3 81998->82001 81999->82001 82002 7ffd9392783b ERR_new ERR_set_debug 81999->82002 82006 7ffd93927877 81999->82006 82000->81999 82002->82001 82003 7ffd939278a0 SetLastError 82004 7ffd939279c0 ERR_new ERR_set_debug 82003->82004 82005 7ffd939278b5 BIO_read 82003->82005 82004->82001 82005->82006 82007 7ffd939278e3 BIO_test_flags 82005->82007 82006->82001 82006->82003 82007->82006 82008 7ffd939278f3 BIO_ctrl 82007->82008 82008->82006 82009 7ffd93927935 82008->82009 82009->82001 82010 7ffd93927958 ERR_new ERR_set_debug 82009->82010 82010->82001 82011 7ffd939074a0 82012 7ffd939074b5 82011->82012 82013 7ffd939074cc ERR_set_mark OBJ_nid2sn EVP_CIPHER_fetch ERR_pop_to_mark 82012->82013 82014 7ffd939074f1 82012->82014 82013->82014 82015 7ffd938ffae0 82016 7ffd938ffaf0 82015->82016 82017 7ffd938ffb00 ERR_new ERR_set_debug ERR_set_error 82016->82017 82018 7ffd938ffb3b 82016->82018 82019 7ffd938ffbb5 82018->82019 82020 7ffd938ffb75 ASYNC_get_current_job 82018->82020 82022 7ffd938ffbbb 82018->82022 82028 7ffd938e1df2 82019->82028 82058 7ffd9393e5ec 82019->82058 82088 7ffd938e14bf 82019->82088 82020->82019 82021 7ffd938ffb7f 82020->82021 82118 7ffd939083e0 ERR_new ERR_set_debug ERR_new ERR_set_debug ERR_set_error 82021->82118 82024 7ffd938ffbaa 82028->82022 
82029 7ffd9393e020 82028->82029 82030 7ffd9393ea73 82029->82030 82031 7ffd9393e73a ERR_clear_error SetLastError 82029->82031 82030->82022 82032 7ffd9393e753 82031->82032 82032->82030 82033 7ffd9393e808 82032->82033 82034 7ffd9393e855 82032->82034 82047 7ffd9393e79e 82032->82047 82035 7ffd9393e86d 82033->82035 82039 7ffd9393e820 ERR_new 82033->82039 82034->82035 82036 7ffd9393e861 ERR_new 82034->82036 82043 7ffd9393e885 ERR_new 82035->82043 82050 7ffd9393e891 82035->82050 82037 7ffd9393e82a ERR_set_debug 82036->82037 82046 7ffd9393e850 82037->82046 82039->82037 82040 7ffd9393e9f5 82041 7ffd9393ea00 ERR_new ERR_set_debug 82040->82041 82044 7ffd9393ea32 ERR_new ERR_set_debug ERR_set_error 82040->82044 82045 7ffd938e1d89 82041->82045 82043->82037 82044->82046 82045->82044 82048 7ffd9393ea63 BUF_MEM_free 82046->82048 82047->82040 82047->82046 82047->82048 82119 7ffd9393e240 82047->82119 82133 7ffd9393ec70 82047->82133 82048->82030 82049 7ffd9393e8d7 82051 7ffd9393e91f 82049->82051 82052 7ffd9393e8ea ERR_new 82049->82052 82050->82049 82053 7ffd9393e8a7 ERR_new 82050->82053 82054 7ffd9393e8b6 82050->82054 82051->82047 82057 7ffd9393e939 ERR_new 82051->82057 82055 7ffd9393e8f4 ERR_set_debug 82052->82055 82053->82037 82054->82049 82056 7ffd9393e8c8 ERR_new 82054->82056 82055->82046 82056->82037 82057->82055 82059 7ffd9393e5f7 82058->82059 82060 7ffd9393ea73 82059->82060 82061 7ffd9393e73a ERR_clear_error SetLastError 82059->82061 82060->82022 82062 7ffd9393e753 82061->82062 82062->82060 82063 7ffd9393e808 82062->82063 82064 7ffd9393e855 82062->82064 82077 7ffd9393e79e 82062->82077 82065 7ffd9393e86d 82063->82065 82069 7ffd9393e820 ERR_new 82063->82069 82064->82065 82066 7ffd9393e861 ERR_new 82064->82066 82073 7ffd9393e885 ERR_new 82065->82073 82080 7ffd9393e891 82065->82080 82067 7ffd9393e82a ERR_set_debug 82066->82067 82076 7ffd9393e850 82067->82076 82068 7ffd9393e240 24 API calls 82068->82077 82069->82067 82070 7ffd9393e9f5 82071 7ffd9393ea00 ERR_new ERR_set_debug 
82070->82071 82074 7ffd9393ea32 ERR_new ERR_set_debug ERR_set_error 82070->82074 82075 7ffd938e1d89 82071->82075 82072 7ffd9393ec70 22 API calls 82072->82077 82073->82067 82074->82076 82075->82074 82078 7ffd9393ea63 BUF_MEM_free 82076->82078 82077->82068 82077->82070 82077->82072 82077->82076 82077->82078 82078->82060 82079 7ffd9393e8d7 82081 7ffd9393e91f 82079->82081 82082 7ffd9393e8ea ERR_new 82079->82082 82080->82079 82083 7ffd9393e8a7 ERR_new 82080->82083 82084 7ffd9393e8b6 82080->82084 82081->82077 82087 7ffd9393e939 ERR_new 82081->82087 82085 7ffd9393e8f4 ERR_set_debug 82082->82085 82083->82067 82084->82079 82086 7ffd9393e8c8 ERR_new 82084->82086 82085->82076 82086->82067 82087->82085 82088->82022 82089 7ffd9393df00 82088->82089 82090 7ffd9393e73a ERR_clear_error SetLastError 82089->82090 82109 7ffd9393ea73 82089->82109 82091 7ffd9393e753 82090->82091 82092 7ffd9393e808 82091->82092 82093 7ffd9393e855 82091->82093 82106 7ffd9393e79e 82091->82106 82091->82109 82094 7ffd9393e86d 82092->82094 82098 7ffd9393e820 ERR_new 82092->82098 82093->82094 82095 7ffd9393e861 ERR_new 82093->82095 82102 7ffd9393e885 ERR_new 82094->82102 82110 7ffd9393e891 82094->82110 82096 7ffd9393e82a ERR_set_debug 82095->82096 82105 7ffd9393e850 82096->82105 82097 7ffd9393e240 24 API calls 82097->82106 82098->82096 82099 7ffd9393e9f5 82100 7ffd9393ea00 ERR_new ERR_set_debug 82099->82100 82103 7ffd9393ea32 ERR_new ERR_set_debug ERR_set_error 82099->82103 82104 7ffd938e1d89 82100->82104 82101 7ffd9393ec70 22 API calls 82101->82106 82102->82096 82103->82105 82104->82103 82107 7ffd9393ea63 BUF_MEM_free 82105->82107 82106->82097 82106->82099 82106->82101 82106->82105 82106->82107 82107->82109 82108 7ffd9393e8d7 82111 7ffd9393e91f 82108->82111 82112 7ffd9393e8ea ERR_new 82108->82112 82109->82022 82110->82108 82113 7ffd9393e8a7 ERR_new 82110->82113 82114 7ffd9393e8b6 82110->82114 82111->82106 82117 7ffd9393e939 ERR_new 82111->82117 82115 7ffd9393e8f4 ERR_set_debug 82112->82115 82113->82096 
82114->82108 82116 7ffd9393e8c8 ERR_new 82114->82116 82115->82105 82116->82096 82117->82115 82118->82024 82121 7ffd9393e25a 82119->82121 82120 7ffd9393e500 ERR_new 82123 7ffd9393e50a ERR_set_debug 82120->82123 82121->82120 82124 7ffd9393e591 ERR_new 82121->82124 82125 7ffd9393e576 82121->82125 82127 7ffd9393e557 82121->82127 82129 7ffd9393e5a0 ERR_new ERR_set_debug 82121->82129 82130 7ffd9393e3be BUF_MEM_grow_clean 82121->82130 82131 7ffd9393e52d ERR_new ERR_set_debug 82121->82131 82149 7ffd938e1c62 82121->82149 82164 7ffd938e11c7 memcmp 82121->82164 82123->82127 82124->82123 82126 7ffd9393e582 ERR_new 82125->82126 82125->82127 82128 7ffd9393e4cd ERR_set_debug 82126->82128 82127->82047 82128->82127 82129->82127 82130->82121 82130->82131 82131->82127 82134 7ffd9393ec8c 82133->82134 82135 7ffd9393ed22 ERR_new ERR_set_debug 82134->82135 82137 7ffd9393f005 82134->82137 82138 7ffd9393ef51 82134->82138 82142 7ffd9393efec 82134->82142 82144 7ffd9393efd3 82134->82144 82148 7ffd9393ef8a 82134->82148 82165 7ffd938e1389 CRYPTO_zalloc ERR_new ERR_set_debug ERR_set_error 82134->82165 82166 7ffd938e1140 CRYPTO_free 82134->82166 82167 7ffd938e1294 10 API calls 82134->82167 82135->82138 82136 7ffd9393f011 ERR_new 82140 7ffd9393f01b ERR_set_debug 82136->82140 82137->82136 82137->82138 82138->82047 82140->82138 82143 7ffd9393eff6 ERR_new 82142->82143 82143->82137 82146 7ffd9393efdd ERR_new 82144->82146 82146->82142 82147 7ffd9393efa4 ERR_new 82147->82140 82148->82138 82148->82147 82149->82121 82150 7ffd93945490 82149->82150 82151 7ffd939454cc 82150->82151 82152 7ffd93945527 ERR_clear_error OPENSSL_sk_value X509_get0_pubkey 82150->82152 82153 7ffd939454e4 ERR_new ERR_set_debug 82150->82153 82151->82121 82154 7ffd93945562 82152->82154 82155 7ffd939456b6 ERR_new ERR_set_debug 82152->82155 82158 7ffd9394550c 82153->82158 82154->82155 82157 7ffd93945572 82154->82157 82156 7ffd939456de 82155->82156 82156->82121 82159 7ffd939455b4 82157->82159 82160 7ffd93945587 ERR_new ERR_set_debug 
82157->82160 82158->82121 82161 7ffd939455e4 ERR_new ERR_set_debug 82159->82161 82162 7ffd93945611 X509_free X509_up_ref 82159->82162 82160->82156 82161->82156 82163 7ffd9394565e 82162->82163 82163->82121 82164->82121 82165->82134 82166->82134 82167->82134

Control-flow Graph

Memory Dump Source
• Source File: 00000002.00000002.3401786846.00007FFD93631000.00000020.00000001.01000000.00000033.sdmp, Offset: 00007FFD93630000, based on PE: true
• Associated: 00000002.00000002.3401763718.00007FFD93630000.00000002.00000001.01000000.00000033.sdmp
• Associated: 00000002.00000002.3401813572.00007FFD9363B000.00000002.00000001.01000000.00000033.sdmp
• Associated: 00000002.00000002.3401835610.00007FFD93640000.00000004.00000001.01000000.00000033.sdmp
• Associated: 00000002.00000002.3401855906.00007FFD93641000.00000002.00000001.01000000.00000033.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffd93630000_7EznMik8Fw.jbxd
Similarity
• API ID: Module_$Constant$Err_$Exception$Eval_ObjectThread$Create2CriticalDeallocFilenameFromInfoInitializeLibraryLoadRestoreSaveSectionStateSystemVersionWindowsWithgetenv
• String ID: ABOVE_NORMAL_PRIORITY_CLASS$BELOW_NORMAL_PRIORITY_CLASS$ERROR_ACCESS_DENIED$ERROR_INVALID_NAME$ERROR_PRIVILEGE_NOT_HELD$ERROR_SERVICE_DOES_NOT_EXIST$HIGH_PRIORITY_CLASS$IDLE_PRIORITY_CLASS$INFINITE$MIB_TCP_STATE_CLOSED$MIB_TCP_STATE_CLOSE_WAIT$MIB_TCP_STATE_CLOSING$MIB_TCP_STATE_DELETE_TCB$MIB_TCP_STATE_ESTAB$MIB_TCP_STATE_FIN_WAIT1$MIB_TCP_STATE_FIN_WAIT2$MIB_TCP_STATE_LAST_ACK$MIB_TCP_STATE_LISTEN$MIB_TCP_STATE_SYN_RCVD$MIB_TCP_STATE_SYN_SENT$MIB_TCP_STATE_TIME_WAIT$NORMAL_PRIORITY_CLASS$PSUTIL_CONN_NONE$PSUTIL_DEBUG$REALTIME_PRIORITY_CLASS$TimeoutAbandoned$TimeoutExpired$WINDOWS_10$WINDOWS_7$WINDOWS_8$WINDOWS_8_1$WINDOWS_VISTA$WINVER$_psutil_windows.Error$_psutil_windows.TimeoutAbandoned$_psutil_windows.TimeoutExpired$version
• API String ID: 887074641-2468274236
• Opcode ID: 4656843fcfd9a4fab3e528a616cb0e139eca0cf32d439c792de87cd9eebb126e
• Instruction ID: 1d799b28fe5c60153b8b114ce0bc4cb7470cecbfa81944d607d651d85e95df30
• Opcode Fuzzy Hash: 4656843fcfd9a4fab3e528a616cb0e139eca0cf32d439c792de87cd9eebb126e
• Instruction Fuzzy Hash: A7C16C24B1CA0281FA78DB91E97437823A9EF89BD1F800035DD6E637A8DF6DE149C711

Control-flow Graph

Memory Dump Source
• Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
• Associated: 00000002.00000002.3402396346.00007FFD938E0000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000002.00000002.3402421171.00007FFD93962000.00000020.00000001.01000000.00000012.sdmp
• Associated: 00000002.00000002.3402499141.00007FFD93964000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000002.00000002.3402529671.00007FFD9398C000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000002.00000002.3402551633.00007FFD93991000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000002.00000002.3402551633.00007FFD93997000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000002.00000002.3402551633.00007FFD9399F000.00000002.00000001.01000000.00000012.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffd938e0000_7EznMik8Fw.jbxd
Similarity
• API ID: R_newR_set_debug$R_set_error$D_priv_bytes_ex$L_sk_new_nullX509_$D_bytes_exD_lock_newE_newE_new_exH_newL_sk_numM_newO_freeO_new_ex_dataO_secure_zallocO_strdupO_zalloc
• String ID: ..\s\ssl\ssl_lib.c$SSL_CTX_new_ex
• API String ID: 864562269-27091654
• Opcode ID: 0ef21fb0b24aa75d52d15136eef25518695f37dfed3ffb2822b27bc7d2223680
• Instruction ID: b91f0be301ea84de2a39f4f96acd2b98b0f26c38b70aaa307f6d810cdc3e7038
• Opcode Fuzzy Hash: 0ef21fb0b24aa75d52d15136eef25518695f37dfed3ffb2822b27bc7d2223680
• Instruction Fuzzy Hash: 00C18C65B19B42A1F774ABE1D8717F92398AF84784F480134DE4D2A6CAEF3DE844C750

Control-flow Graph

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3401786846.00007FFD93631000.00000020.00000001.01000000.00000033.sdmp, Offset: 00007FFD93630000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3401763718.00007FFD93630000.00000002.00000001.01000000.00000033.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3401813572.00007FFD9363B000.00000002.00000001.01000000.00000033.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3401835610.00007FFD93640000.00000004.00000001.01000000.00000033.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3401855906.00007FFD93641000.00000002.00000001.01000000.00000033.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd93630000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: DeallocErr_FromList_Windowsfree
                                                                                                                                                                                                                                                  • String ID: (ddddd)$GetActiveProcessorCount() not available; using GetSystemInfo()$GetSystemInfo() failed to retrieve CPU count$NtQuerySystemInformation(SystemProcessorPerformanceInformation)$psutil-debug [%s:%d]> $psutil/arch/windows\cpu.c
                                                                                                                                                                                                                                                  • API String ID: 2064544276-4027580629
                                                                                                                                                                                                                                                  • Opcode ID: 7190dbfe5ddc8fd9770f88d7c9040de05d44c9cbbe8f5b86af6aa6a4fad55d9a
                                                                                                                                                                                                                                                  • Instruction ID: 2bc91dd04648835552bf918b45c8c6f4f8f10d55bfe26d05207b2a0090fb71d7
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7190dbfe5ddc8fd9770f88d7c9040de05d44c9cbbe8f5b86af6aa6a4fad55d9a
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7171A731F18B428AF67A9F75A460279A3E9AF95B80B044336ED2F72754EF3CE4458700

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3401786846.00007FFD93631000.00000020.00000001.01000000.00000033.sdmp, Offset: 00007FFD93630000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3401763718.00007FFD93630000.00000002.00000001.01000000.00000033.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3401813572.00007FFD9363B000.00000002.00000001.01000000.00000033.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3401835610.00007FFD93640000.00000004.00000001.01000000.00000033.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3401855906.00007FFD93641000.00000002.00000001.01000000.00000033.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd93630000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: ErrorLast$Err_Process__acrt_iob_funcfprintf$FilenameFromOpenTokenWindowsWith$CurrentImpersonateSelfWarn
                                                                                                                                                                                                                                                  • String ID: (originated from %s)$AdjustTokenPrivileges$ImpersonateSelf$LookupPrivilegeValue$OpenProcessToken$SeDebugPrivilege
                                                                                                                                                                                                                                                  • API String ID: 2544101647-3705996988
                                                                                                                                                                                                                                                  • Opcode ID: 34da3196203b84411ab0fd01f7fc5e768038530ca3460100517b82b84452998e
                                                                                                                                                                                                                                                  • Instruction ID: 7b96e3161c457262686b4a201aa15f997dc40c63d453c71e0feb4cab4d1f2886
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 34da3196203b84411ab0fd01f7fc5e768038530ca3460100517b82b84452998e
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: FA516335B1CB4681F7789BA1E8602B973A8FF84784F400436E5AE63669EF7CE509C740

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3401786846.00007FFD93631000.00000020.00000001.01000000.00000033.sdmp, Offset: 00007FFD93630000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3401763718.00007FFD93630000.00000002.00000001.01000000.00000033.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3401813572.00007FFD9363B000.00000002.00000001.01000000.00000033.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3401835610.00007FFD93640000.00000004.00000001.01000000.00000033.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3401855906.00007FFD93641000.00000002.00000001.01000000.00000033.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd93630000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Err_FilenameFromWindowsWith$AddressEval_LibraryProcThread$FreeHandleLoadModuleRestoreSave
                                                                                                                                                                                                                                                  • String ID: GetActiveProcessorCount$GetExtendedTcpTable$GetExtendedUdpTable$GetLogicalProcessorInformationEx$GetTickCount64$NtQueryInformationProcess$NtQueryObject$NtQuerySystemInformation$NtQueryVirtualMemory$NtResumeProcess$NtSetInformationProcess$NtSuspendProcess$RtlGetVersion$RtlIpv4AddressToStringA$RtlIpv6AddressToStringA$RtlNtStatusToDosErrorNoTeb$WTSEnumerateSessionsW$WTSFreeMemory$WTSQuerySessionInformationW$iphlpapi.dll$kernel32$ntdll$ntdll.dll$wtsapi32.dll
                                                                                                                                                                                                                                                  • API String ID: 3787047288-761253638
                                                                                                                                                                                                                                                  • Opcode ID: 6b7c78cd98652e75907c508de1284e9f0e804c7fc3037098929c04c6a191e3dd
                                                                                                                                                                                                                                                  • Instruction ID: 3b68a4345eccb89d86eef76062a1c7aaf49a92b1ead979f0cda47c3ef3d7e08c
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6b7c78cd98652e75907c508de1284e9f0e804c7fc3037098929c04c6a191e3dd
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 49C1F420F0DB0780FA68AB94F87827923E9EF88740F845535E82D673A9EF7CE1558354

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402396346.00007FFD938E0000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402421171.00007FFD93962000.00000020.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402499141.00007FFD93964000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402529671.00007FFD9398C000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402551633.00007FFD93991000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402551633.00007FFD93997000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402551633.00007FFD9399F000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd938e0000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: R_new$R_set_debug$ErrorLastM_freeR_clear_errorR_set_error
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\statem\statem.c$state_machine
                                                                                                                                                                                                                                                  • API String ID: 1370845099-1722249466
                                                                                                                                                                                                                                                  • Opcode ID: 6f8aa62c0a17cd257a7cac7c3db44b12b48ed95985bfa37342f9ed60703b21dc
                                                                                                                                                                                                                                                  • Instruction ID: a39b66c6803bae01f34070809958bee32b945c45b8a330921978b68ae03fa4a7
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6f8aa62c0a17cd257a7cac7c3db44b12b48ed95985bfa37342f9ed60703b21dc
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D2A18EB2F0C242A5FBB8ABA5D4613BD239DEF40B44F144431DA4E666D6CE3DE881C781

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402396346.00007FFD938E0000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402421171.00007FFD93962000.00000020.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402499141.00007FFD93964000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402529671.00007FFD9398C000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402551633.00007FFD93991000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402551633.00007FFD93997000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402551633.00007FFD9399F000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd938e0000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: R_newR_set_debug$L_sk_valueR_clear_errorX509_get0_pubkey
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\statem\statem_clnt.c$tls_post_process_server_certificate
                                                                                                                                                                                                                                                  • API String ID: 2779586248-3767186838
                                                                                                                                                                                                                                                  • Opcode ID: db8201a799e0baeb7e7da45e6d94f051912b60767bec020adcc90b3d0adbc0ec
                                                                                                                                                                                                                                                  • Instruction ID: 44982061845d9851eb0aac0d84819a8d5c6c71145e54e8c61b5cc6a2c53f0dad
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: db8201a799e0baeb7e7da45e6d94f051912b60767bec020adcc90b3d0adbc0ec
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3A51AF65B19642A2F770EBE5D4643B92398EF84B84F544031DD0D6B7D6DF2DE881CB00

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402396346.00007FFD938E0000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402421171.00007FFD93962000.00000020.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402499141.00007FFD93964000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402529671.00007FFD9398C000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402551633.00007FFD93991000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402551633.00007FFD93997000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402551633.00007FFD9399F000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd938e0000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: R_newR_set_debug$ErrorLastO_ctrlO_readO_test_flagsmemmove
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\record\rec_layer_s3.c$ssl3_read_n
                                                                                                                                                                                                                                                  • API String ID: 3874383451-4226281315
                                                                                                                                                                                                                                                  • Opcode ID: 3ca2100bb6b87b098cae2558db268160d918adefb8b476431aa8d90b6f162e8a
                                                                                                                                                                                                                                                  • Instruction ID: cd27e3009ef1b49fe45aa20c8c314559db4267e3e117dcace1ad92ba56619c07
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3ca2100bb6b87b098cae2558db268160d918adefb8b476431aa8d90b6f162e8a
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 67918E36B08B92A2FB709FA9D5647B923A8EF44B98F544131DE4D27B86EF38D445C300

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402396346.00007FFD938E0000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402421171.00007FFD93962000.00000020.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402499141.00007FFD93964000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402529671.00007FFD9398C000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402551633.00007FFD93991000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402551633.00007FFD93997000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402551633.00007FFD9399F000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd938e0000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\statem\statem.c$read_state_machine
                                                                                                                                                                                                                                                  • API String ID: 0-3323778802
                                                                                                                                                                                                                                                  • Opcode ID: 14377edc59a60446f09f780bfe0d0aa6ceb5de1d18d0f26ea132c90706a724b0
                                                                                                                                                                                                                                                  • Instruction ID: 90de249faece63da762d6ceeac2a964639be815edf8eac0bbbe28b743efc9dad
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 14377edc59a60446f09f780bfe0d0aa6ceb5de1d18d0f26ea132c90706a724b0
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A9919BB2F08646A1EB38AFA4D4643B92398EF84B48F544036DE0E67795DF3DE846C740

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402396346.00007FFD938E0000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402421171.00007FFD93962000.00000020.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402499141.00007FFD93964000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402529671.00007FFD9398C000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402551633.00007FFD93991000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402551633.00007FFD93997000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402551633.00007FFD9399F000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd938e0000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: R_newR_set_debug
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\statem\statem.c$write_state_machine
                                                                                                                                                                                                                                                  • API String ID: 193678381-552286378
                                                                                                                                                                                                                                                  • Opcode ID: 1edee16b17f7b7a209ddbeed6cd636bdd8764bdbe6572802cc707b3b873bb90e
                                                                                                                                                                                                                                                  • Instruction ID: 3ba310edf5f20d55f7e7d90be3119ed9e7a45b0cdbabc8ef9e0b87d7dc5eed97
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1edee16b17f7b7a209ddbeed6cd636bdd8764bdbe6572802cc707b3b873bb90e
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 29A19273B08642A1EB78DFA5D8643B923A8FF80B88F444136DA0E67695DF7DE945C700

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402396346.00007FFD938E0000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402421171.00007FFD93962000.00000020.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402499141.00007FFD93964000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402529671.00007FFD9398C000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402551633.00007FFD93991000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402551633.00007FFD93997000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402551633.00007FFD9399F000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd938e0000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: R_newR_set_debug
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\statem\statem_lib.c$tls_get_message_header
                                                                                                                                                                                                                                                  • API String ID: 193678381-2714770296
                                                                                                                                                                                                                                                  • Opcode ID: 0a675c68133e8178ac648a78a03b7d1437f40432096ecb796daf1537fba5ad51
                                                                                                                                                                                                                                                  • Instruction ID: 867a00acbe6f7f00ab0ea81f78aeae3e54bc4d699cc23c04113a56e9e9419616
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0a675c68133e8178ac648a78a03b7d1437f40432096ecb796daf1537fba5ad51
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: AE614D32B08781A5EBB08FA5D4607A937A8FB45B48F088035DF8D67799DF38D895C710

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402396346.00007FFD938E0000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402421171.00007FFD93962000.00000020.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402499141.00007FFD93964000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402529671.00007FFD9398C000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402551633.00007FFD93991000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402551633.00007FFD93997000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402551633.00007FFD9399F000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd938e0000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: C_get_current_jobR_newR_set_debugR_set_error
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\ssl_lib.c$SSL_do_handshake
                                                                                                                                                                                                                                                  • API String ID: 2134390360-2964568172
                                                                                                                                                                                                                                                  • Opcode ID: c91630741219631a69d9c5f3432363629406958cc77146902cc34db31b5e4eda
                                                                                                                                                                                                                                                  • Instruction ID: cf4e8a57caac9a01aa5f01fb76589d74393db7a9f51b07c88375b6ed96fc2d1f
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c91630741219631a69d9c5f3432363629406958cc77146902cc34db31b5e4eda
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4021A436F0874692E764EBB5E4613BE2359EF88B84F580231EE4D227D6DF3CE5918640

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3401786846.00007FFD93631000.00000020.00000001.01000000.00000033.sdmp, Offset: 00007FFD93630000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3401763718.00007FFD93630000.00000002.00000001.01000000.00000033.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3401813572.00007FFD9363B000.00000002.00000001.01000000.00000033.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3401835610.00007FFD93640000.00000004.00000001.01000000.00000033.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3401855906.00007FFD93641000.00000002.00000001.01000000.00000033.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd93630000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Err_Eval_FilenameFromLibraryThreadWindowsWith$AddressFreeLoadProcRestoreSave
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 568911590-0
                                                                                                                                                                                                                                                  • Opcode ID: e2200b3415209b6f4be3470a672ca2eac9ae6c36c8dafb9bbec9a9066c3d2c4c
                                                                                                                                                                                                                                                  • Instruction ID: d68164164f719eeb68fe025d1d0602c8648eda5b062048387c8beaf4eb5dbffa
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e2200b3415209b6f4be3470a672ca2eac9ae6c36c8dafb9bbec9a9066c3d2c4c
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: FB014F20B1CB4681FA2CABA2B92813E63A9FF88FC0B444034ED5E57B59DF3CD0458744

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3401786846.00007FFD93631000.00000020.00000001.01000000.00000033.sdmp, Offset: 00007FFD93630000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3401763718.00007FFD93630000.00000002.00000001.01000000.00000033.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3401813572.00007FFD9363B000.00000002.00000001.01000000.00000033.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3401835610.00007FFD93640000.00000004.00000001.01000000.00000033.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3401855906.00007FFD93641000.00000002.00000001.01000000.00000033.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd93630000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: BuildErr_FromSystemTimesValueWindows
                                                                                                                                                                                                                                                  • String ID: (ddd)
                                                                                                                                                                                                                                                  • API String ID: 2325294781-2401937087

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd938e0000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: J_nid2snR_fetchR_pop_to_markR_set_mark
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2772354928-0
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd938e0000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: ErrorLastM_freeR_clear_error
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1231514297-0
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd938e0000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: ErrorLastM_freeR_clear_error
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1231514297-0
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3401896739.00007FFD93651000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFD93650000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd93650000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: InfoSystem
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 31276548-0
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • BUF_MEM_grow_clean.LIBCRYPTO-3(?,?,?,?,-00000031,?,00007FFD9393E9A4), ref: 00007FFD9393E3D7
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd938e0000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: M_grow_clean
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 964628749-0
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
• Associated: 00000002.00000002.3402396346.00007FFD938E0000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000002.00000002.3402421171.00007FFD93962000.00000020.00000001.01000000.00000012.sdmp
• Associated: 00000002.00000002.3402499141.00007FFD93964000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000002.00000002.3402529671.00007FFD9398C000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000002.00000002.3402551633.00007FFD93991000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000002.00000002.3402551633.00007FFD93997000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000002.00000002.3402551633.00007FFD9399F000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd938e0000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: R_new$R_set_debug$L_sk_free$L_sk_num$O_free$L_sk_value$L_sk_dup$O_memcmpmemcpy
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\statem\statem_srvr.c$@$P$tls_early_post_process_client_hello
                                                                                                                                                                                                                                                  • API String ID: 3172855559-1173447675
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: R_new$R_set_debugX_new$X_free
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\t1_enc.c$HMAC$tls-mac-size$tls-version$tls1_change_cipher_state$tls_provider_set_tls_params
                                                                                                                                                                                                                                                  • API String ID: 1274617517-1172825828
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • ERR_new.LIBCRYPTO-3(?,?,?,?,?,?,?,00007FFD9390A9C7), ref: 00007FFD9390B765
                                                                                                                                                                                                                                                  • ERR_set_debug.LIBCRYPTO-3(?,?,?,?,?,?,?,00007FFD9390A9C7), ref: 00007FFD9390B77D
                                                                                                                                                                                                                                                  • ERR_set_error.LIBCRYPTO-3(?,?,?,?,?,?,?,00007FFD9390A9C7), ref: 00007FFD9390B78B
                                                                                                                                                                                                                                                  • OPENSSL_sk_num.LIBCRYPTO-3(?,?,?,?,?,?,?,00007FFD9390A9C7), ref: 00007FFD9390B7AB
                                                                                                                                                                                                                                                  • OPENSSL_sk_value.LIBCRYPTO-3(?,?,?,?,?,?,?,00007FFD9390A9C7), ref: 00007FFD9390B7B9
                                                                                                                                                                                                                                                  • OPENSSL_sk_num.LIBCRYPTO-3(?,?,?,?,?,?,?,00007FFD9390A9C7), ref: 00007FFD9390B7E5
                                                                                                                                                                                                                                                  • X509_get_pubkey.LIBCRYPTO-3(?,?,?,?,?,?,?,00007FFD9390A9C7), ref: 00007FFD9390B7F9
                                                                                                                                                                                                                                                  • ERR_new.LIBCRYPTO-3(?,?,?,?,?,?,?,00007FFD9390A9C7), ref: 00007FFD9390B82F
                                                                                                                                                                                                                                                  • ERR_set_debug.LIBCRYPTO-3(?,?,?,?,?,?,?,00007FFD9390A9C7), ref: 00007FFD9390B847
                                                                                                                                                                                                                                                  • ERR_set_error.LIBCRYPTO-3(?,?,?,?,?,?,?,00007FFD9390A9C7), ref: 00007FFD9390B858
                                                                                                                                                                                                                                                  • ERR_new.LIBCRYPTO-3(?,?,?,?,?,?,?,00007FFD9390A9C7), ref: 00007FFD9390B862
                                                                                                                                                                                                                                                  • ERR_set_debug.LIBCRYPTO-3(?,?,?,?,?,?,?,00007FFD9390A9C7), ref: 00007FFD9390B87A
                                                                                                                                                                                                                                                  • ERR_set_error.LIBCRYPTO-3(?,?,?,?,?,?,?,00007FFD9390A9C7), ref: 00007FFD9390B889
                                                                                                                                                                                                                                                  • EVP_PKEY_missing_parameters.LIBCRYPTO-3(?,?,?,?,?,?,?,00007FFD9390A9C7), ref: 00007FFD9390B896
                                                                                                                                                                                                                                                  • EVP_PKEY_missing_parameters.LIBCRYPTO-3(?,?,?,?,?,?,?,00007FFD9390A9C7), ref: 00007FFD9390B8A2
                                                                                                                                                                                                                                                  • ERR_new.LIBCRYPTO-3(?,?,?,?,?,?,?,00007FFD9390A9C7), ref: 00007FFD9390B8AB
                                                                                                                                                                                                                                                  • ERR_set_debug.LIBCRYPTO-3(?,?,?,?,?,?,?,00007FFD9390A9C7), ref: 00007FFD9390B8C3
                                                                                                                                                                                                                                                  • ERR_set_error.LIBCRYPTO-3(?,?,?,?,?,?,?,00007FFD9390A9C7), ref: 00007FFD9390B8D4
                                                                                                                                                                                                                                                  • EVP_PKEY_copy_parameters.LIBCRYPTO-3(?,?,?,?,?,?,?,00007FFD9390A9C7), ref: 00007FFD9390B8E4
                                                                                                                                                                                                                                                  • ERR_new.LIBCRYPTO-3(?,?,?,?,?,?,?,00007FFD9390A9C7), ref: 00007FFD9390B8ED
                                                                                                                                                                                                                                                  • ERR_set_debug.LIBCRYPTO-3(?,?,?,?,?,?,?,00007FFD9390A9C7), ref: 00007FFD9390B905
                                                                                                                                                                                                                                                  • ERR_set_error.LIBCRYPTO-3(?,?,?,?,?,?,?,00007FFD9390A9C7), ref: 00007FFD9390B916
                                                                                                                                                                                                                                                  • ERR_new.LIBCRYPTO-3(?,?,?,?,?,?,?,00007FFD9390A9C7), ref: 00007FFD9390B97F
                                                                                                                                                                                                                                                  • ERR_set_debug.LIBCRYPTO-3(?,?,?,?,?,?,?,00007FFD9390A9C7), ref: 00007FFD9390B997
                                                                                                                                                                                                                                                  • ERR_set_error.LIBCRYPTO-3(?,?,?,?,?,?,?,00007FFD9390A9C7), ref: 00007FFD9390B9A8
                                                                                                                                                                                                                                                  • EVP_PKEY_free.LIBCRYPTO-3(?,?,?,?,?,?,?,00007FFD9390A9C7), ref: 00007FFD9390BB18
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: R_newR_set_debugR_set_error$L_sk_numY_missing_parameters$L_sk_valueX509_get_pubkeyY_copy_parametersY_free
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\ssl_rsa.c$ssl_set_cert_and_key
                                                                                                                                                                                                                                                  • API String ID: 1144767644-2212061476
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: L_sk_new_nullL_sk_pop_freeR_newR_set_debugX509X509_freeX509_new_exd2i_
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\statem\statem_srvr.c$tls_process_client_certificate
                                                                                                                                                                                                                                                  • API String ID: 3085087540-2403068147
                                                                                                                                                                                                                                                  • Opcode ID: 0354b7188ed3375122ca9793ddc61aaa29afc51b746fbb843e8a4165e2b2472e
                                                                                                                                                                                                                                                  • Instruction ID: 8772ff9d72b7cc512c601bfbd97bbc16edc0335ea60ecb3af4e1913516ff4fe4
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0354b7188ed3375122ca9793ddc61aaa29afc51b746fbb843e8a4165e2b2472e
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5512AA26B08742A4FB71EBE5D8603B927A9EF84B84F444036DD4E67696EF3CE584C701
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
• Associated: 00000002.00000002.3402396346.00007FFD938E0000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000002.00000002.3402421171.00007FFD93962000.00000020.00000001.01000000.00000012.sdmp
• Associated: 00000002.00000002.3402499141.00007FFD93964000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000002.00000002.3402529671.00007FFD9398C000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000002.00000002.3402551633.00007FFD93991000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000002.00000002.3402551633.00007FFD93997000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000002.00000002.3402551633.00007FFD9399F000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd938e0000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: R_newR_set_debugR_set_error$O_freeO_zalloc
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\ssl_cert.c$gfffffff$ssl_cert_dup
                                                                                                                                                                                                                                                  • API String ID: 1191937791-1697153846
                                                                                                                                                                                                                                                  • Opcode ID: e048c4f90e9b58322efc39cd4b2d5113965c750834da7b20b8851709e95ac7b8
                                                                                                                                                                                                                                                  • Instruction ID: 2b2c343a0045390486f4b4309e17e6b768a7af150fbb5b1915c639cd310bc47e
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e048c4f90e9b58322efc39cd4b2d5113965c750834da7b20b8851709e95ac7b8
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A9D18B75B09B42A2EB68DBA5E4A03F963A8FB44B84F400035DE5D67791DF3DE5A0C740
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
• Associated: 00000002.00000002.3402396346.00007FFD938E0000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000002.00000002.3402421171.00007FFD93962000.00000020.00000001.01000000.00000012.sdmp
• Associated: 00000002.00000002.3402499141.00007FFD93964000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000002.00000002.3402529671.00007FFD9398C000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000002.00000002.3402551633.00007FFD93991000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000002.00000002.3402551633.00007FFD93997000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000002.00000002.3402551633.00007FFD9399F000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd938e0000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: O_freeR_newR_set_debug$X509_get0_pubkeyX_freeX_new
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\statem\statem_lib.c$tls_process_cert_verify
                                                                                                                                                                                                                                                  • API String ID: 3996869770-4103244874
                                                                                                                                                                                                                                                  • Opcode ID: 66300fe5e646592a600a1c3d30a2e16b2af59001e27b2c7f76db3dc982a12af8
                                                                                                                                                                                                                                                  • Instruction ID: a4979ed93597a47c976d6788d6a9fd5d1c1b6c74f2f0fea749dbccb52f7672a4
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 66300fe5e646592a600a1c3d30a2e16b2af59001e27b2c7f76db3dc982a12af8
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0FE17D65B09782A1FB74ABD1D8717BA2398AF82B84F504032ED4D67796DF3CE5818701
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
• Associated: 00000002.00000002.3402396346.00007FFD938E0000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000002.00000002.3402421171.00007FFD93962000.00000020.00000001.01000000.00000012.sdmp
• Associated: 00000002.00000002.3402499141.00007FFD93964000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000002.00000002.3402529671.00007FFD9398C000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000002.00000002.3402551633.00007FFD93991000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000002.00000002.3402551633.00007FFD93997000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000002.00000002.3402551633.00007FFD9399F000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd938e0000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Digest$Init_exL_cleanseR_newR_set_debug$D_get_sizeFinal_exX_freeX_newY_free
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\statem\extensions.c$HMAC$ext binder$res binder$tls_psk_do_binder
                                                                                                                                                                                                                                                  • API String ID: 1272419997-82630564
                                                                                                                                                                                                                                                  • Opcode ID: b83220438b9ab0b683d3643b4e119f6c321eee854895ec546971faa3510bc489
                                                                                                                                                                                                                                                  • Instruction ID: 69d0c52bf0d2af9eed5f7a1ef51b63b63effb074fb3f78b1ff7d8fbd0b77e874
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b83220438b9ab0b683d3643b4e119f6c321eee854895ec546971faa3510bc489
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A5F18066B0C782A1E778A7E1E8657EE6399BB85780F400031DE4E67B96DF7CE144CB40
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
• Associated: 00000002.00000002.3402396346.00007FFD938E0000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000002.00000002.3402421171.00007FFD93962000.00000020.00000001.01000000.00000012.sdmp
• Associated: 00000002.00000002.3402499141.00007FFD93964000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000002.00000002.3402529671.00007FFD9398C000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000002.00000002.3402551633.00007FFD93991000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000002.00000002.3402551633.00007FFD93997000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000002.00000002.3402551633.00007FFD9399F000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd938e0000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: O_free$R_newR_set_debug$O_ctrlO_newO_s_fileR_set_error
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\ssl_rsa.c$SERVERINFO FOR $SERVERINFOV2 FOR $SSL_CTX_use_serverinfo_file
                                                                                                                                                                                                                                                  • API String ID: 1122662597-2528746747
                                                                                                                                                                                                                                                  • Opcode ID: 4e7bc5c39135565d6fded332fafe28efe5aab522e1aae3369110f26241436f3b
                                                                                                                                                                                                                                                  • Instruction ID: 43d1053b7acec8d71e6810a8a0a9dc09472c2ac71b23910289410c8a454ac996
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4e7bc5c39135565d6fded332fafe28efe5aab522e1aae3369110f26241436f3b
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: BBB1B169B18642A5FB309BE1D8603FD23A9EF40794F504032ED4D67A9ADE3CE685C781
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402396346.00007FFD938E0000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402421171.00007FFD93962000.00000020.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402499141.00007FFD93964000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402529671.00007FFD9398C000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402551633.00007FFD93991000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402551633.00007FFD93997000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402551633.00007FFD9399F000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd938e0000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: O_free$L_sk_pop_free$L_sk_free$M_freeO_free_allX_free$D_lock_freeO_free_ex_dataO_popT_freeX509_X509_free
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\ssl_lib.c
                                                                                                                                                                                                                                                  • API String ID: 1751156600-1080266419
                                                                                                                                                                                                                                                  • Opcode ID: 50e2369ae7b8ff1e3a55b415751e92586b5c61a2d93558a160ece9789df705b2
                                                                                                                                                                                                                                                  • Instruction ID: f0b5d7c9ab12ca3eafab3853998fc31cf54d64cb973140f3e793664cf6b87e1e
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 50e2369ae7b8ff1e3a55b415751e92586b5c61a2d93558a160ece9789df705b2
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 27912469B15A4760EB20FFE5D8B17B92325FF80F88F041032DE0E6B69ADE6CD1858751
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • CRYPTO_malloc.LIBCRYPTO-3(?,?,?,?,00000000,?,?,?,00007FFD93956186), ref: 00007FFD9395276E
                                                                                                                                                                                                                                                  • ERR_new.LIBCRYPTO-3(?,?,?,?,00000000,?,?,?,00007FFD93956186), ref: 00007FFD9395277C
                                                                                                                                                                                                                                                  • ERR_set_debug.LIBCRYPTO-3(?,?,?,?,00000000,?,?,?,00007FFD93956186), ref: 00007FFD93952794
                                                                                                                                                                                                                                                  • EVP_CIPHER_CTX_new.LIBCRYPTO-3(?,?,?,?,00000000,?,?,?,00007FFD93956186), ref: 00007FFD939527A4
                                                                                                                                                                                                                                                  • ERR_new.LIBCRYPTO-3(?,?,?,?,00000000,?,?,?,00007FFD93956186), ref: 00007FFD939527E7
                                                                                                                                                                                                                                                  • ERR_new.LIBCRYPTO-3(?,?,?,?,00000000,?,?,?,00007FFD93956186), ref: 00007FFD93952D30
                                                                                                                                                                                                                                                  • ERR_set_debug.LIBCRYPTO-3(?,?,?,?,00000000,?,?,?,00007FFD93956186), ref: 00007FFD93952D48
                                                                                                                                                                                                                                                  • CRYPTO_free.LIBCRYPTO-3(?,?,?,?,00000000,?,?,?,00007FFD93956186), ref: 00007FFD93952D73
                                                                                                                                                                                                                                                  • EVP_CIPHER_CTX_free.LIBCRYPTO-3(?,?,?,?,00000000,?,?,?,00007FFD93956186), ref: 00007FFD93952D7B
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402396346.00007FFD938E0000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402421171.00007FFD93962000.00000020.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402499141.00007FFD93964000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402529671.00007FFD9398C000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402551633.00007FFD93991000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402551633.00007FFD93997000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402551633.00007FFD9399F000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd938e0000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: R_new$R_set_debug$O_freeO_mallocX_freeX_new
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\statem\statem_srvr.c$AES-256-CBC$SHA256$construct_stateless_ticket
                                                                                                                                                                                                                                                  • API String ID: 1754044936-1960200554
                                                                                                                                                                                                                                                  • Opcode ID: 026c625fc48da80e0d9c934c4d15f43a8f4cba83a72d5efe84489ffc2d3e644b
                                                                                                                                                                                                                                                  • Instruction ID: c8b715ad7c2b9bc16661a5ecfec35b96cae9717e35c8b0df14be644f6068de6a
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 026c625fc48da80e0d9c934c4d15f43a8f4cba83a72d5efe84489ffc2d3e644b
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: CB029D66B0C742A5FB34ABE2D4707BD23A9AF44B88F404031DD4E77A96DE2DE586C740
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402396346.00007FFD938E0000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402421171.00007FFD93962000.00000020.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402499141.00007FFD93964000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402529671.00007FFD9398C000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402551633.00007FFD93991000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402551633.00007FFD93997000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402551633.00007FFD9399F000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd938e0000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: R_new$R_set_debug$O_freeX_freeX_new
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\statem\statem_lib.c$tls_construct_cert_verify
                                                                                                                                                                                                                                                  • API String ID: 3285935519-2275373907
                                                                                                                                                                                                                                                  • Opcode ID: fa070d2f81ccd89c61bee42e883de4a69c782245a686f86bc9d834ee74e3a6c5
                                                                                                                                                                                                                                                  • Instruction ID: 422a0daea5ff7dcaed7171ade42e269922f96b409cbd6558935e1d3162d836a1
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: fa070d2f81ccd89c61bee42e883de4a69c782245a686f86bc9d834ee74e3a6c5
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1BA19265B0CB5361F670ABD2D8357BA6398EF86B80F444032ED4E67B96DE3CE5418701
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402396346.00007FFD938E0000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402421171.00007FFD93962000.00000020.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402499141.00007FFD93964000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402529671.00007FFD9398C000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402551633.00007FFD93991000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402551633.00007FFD93997000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402551633.00007FFD9399F000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd938e0000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: X509_$R_newR_set_debugR_set_error$L_sk_numX_free$D_run_onceL_sk_pop_freeL_sk_valueM_move_peernameM_set1X509_verify_certX_get0_chainX_get1_chainX_get_errorX_initX_new_exX_set0_daneX_set_defaultX_set_ex_dataX_set_flagsX_set_verify_cb
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\ssl_cert.c$ssl_client$ssl_server$ssl_verify_cert_chain
                                                                                                                                                                                                                                                  • API String ID: 374146265-1087352319
                                                                                                                                                                                                                                                  • Opcode ID: 67301769716e3a631a9ecf5bd14671fd1b2cbb774a5bb158fdea402df5d14953
                                                                                                                                                                                                                                                  • Instruction ID: b8d57f17b35b7fcc053a6d84cbf7c22f3fb96a02924d944c83d68da8513208b1
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 67301769716e3a631a9ecf5bd14671fd1b2cbb774a5bb158fdea402df5d14953
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7571D065B0974265FA60EBE295707BA2399AF85BC4F044032DD0E67796DF2CE8818B81
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • ERR_new.LIBCRYPTO-3(?,?,?,?,?,?,?,?,?,00007FFD93944EA5), ref: 00007FFD93944145
                                                                                                                                                                                                                                                  • ERR_set_debug.LIBCRYPTO-3(?,?,?,?,?,?,?,?,?,00007FFD93944EA5), ref: 00007FFD9394415D
                                                                                                                                                                                                                                                  • X509_get0_pubkey.LIBCRYPTO-3(?,?,?,?,?,?,?,?,?,00007FFD93944EA5), ref: 00007FFD93944185
                                                                                                                                                                                                                                                  • ERR_new.LIBCRYPTO-3(?,?,?,?,?,?,?,?,?,00007FFD93944EA5), ref: 00007FFD939441A0
                                                                                                                                                                                                                                                  • ERR_set_debug.LIBCRYPTO-3(?,?,?,?,?,?,?,?,?,00007FFD93944EA5), ref: 00007FFD939441B8
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402396346.00007FFD938E0000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402421171.00007FFD93962000.00000020.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402499141.00007FFD93964000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402529671.00007FFD9398C000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402551633.00007FFD93991000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402551633.00007FFD93997000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402551633.00007FFD9399F000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd938e0000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: R_newR_set_debug$X509_get0_pubkey
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\statem\statem_clnt.c$0$0$RSA$tls_construct_cke_rsa
                                                                                                                                                                                                                                                  • API String ID: 2988517565-1370622440
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd938e0000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: R_newR_set_debug
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\statem\statem_srvr.c$0$tls-client-version$tls-negotiated-version$tls_process_cke_rsa
                                                                                                                                                                                                                                                  • API String ID: 193678381-3332223380
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd938e0000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: L_sk_new_nullL_sk_pop_freeR_newR_set_debugX509X509_freeX509_new_exd2i_
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\statem\statem_clnt.c$tls_process_server_certificate
                                                                                                                                                                                                                                                  • API String ID: 3085087540-2730446810
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd938e0000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: R_newR_set_debug$X509_get0_pubkeyX_new_from_pkey
                                                                                                                                                                                                                                                  • String ID: $..\s\ssl\statem\statem_clnt.c$tls_construct_cke_gost
                                                                                                                                                                                                                                                  • API String ID: 3869628303-1144584530
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd938e0000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: R_newR_set_debug$D_get_sizeX_get0_md
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\record\ssl3_record.c$dtls1_process_record
                                                                                                                                                                                                                                                  • API String ID: 1548276727-2476007939
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd938e0000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: R_new$O_freeR_set_debug$D_fetchD_freeO_malloc_time64
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\statem\statem_clnt.c$SHA2-256$resumption$tls_process_new_session_ticket
                                                                                                                                                                                                                                                  • API String ID: 4294151624-1635961163
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd938e0000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: R_newR_set_debugR_set_error$memcpy$O_freeO_malloc
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\ssl_rsa.c$SSL_CTX_use_serverinfo_ex
                                                                                                                                                                                                                                                  • API String ID: 2045424659-2326540444
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd938e0000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: R_newR_set_debug$E_getN1_item_d2iN1_item_freeR_clear_errorX509_get0_pubkeyX_ctrlX_freeX_new_from_pkeyY_decryptY_decrypt_init
                                                                                                                                                                                                                                                  • String ID: $..\s\ssl\statem\statem_srvr.c$tls_process_cke_gost
                                                                                                                                                                                                                                                  • API String ID: 46435683-2809538378
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd938e0000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: R_newR_set_debugR_set_error
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\ssl_lib.c$SSL_new
                                                                                                                                                                                                                                                  • API String ID: 1552677711-1278568459
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd938e0000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: R_newR_set_debug$X_freeX_new
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\statem\statem_lib.c$tls13_save_handshake_digest_for_pha$tls_process_finished
                                                                                                                                                                                                                                                  • API String ID: 1676177304-1286925996
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
• Associated: 00000002.00000002.3402396346.00007FFD938E0000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000002.00000002.3402421171.00007FFD93962000.00000020.00000001.01000000.00000012.sdmp
• Associated: 00000002.00000002.3402499141.00007FFD93964000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000002.00000002.3402529671.00007FFD9398C000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000002.00000002.3402551633.00007FFD93991000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000002.00000002.3402551633.00007FFD93997000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000002.00000002.3402551633.00007FFD9399F000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd938e0000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: memcmp$R_newR_set_debugmemcpy$O_clear_freeO_mallocR_set_error
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\t1_enc.c$client finished$extended master secret$key expa$master s$n$nsio$server finished$tls1_export_keying_material
                                                                                                                                                                                                                                                  • API String ID: 2646480882-4292774120
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: N_clear_free$R_newR_set_debug$N_num_bitsO_clear_freeO_malloc
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\tls_srp.c$srp_generate_client_master_secret
                                                                                                                                                                                                                                                  • API String ID: 1310426286-3880031085
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: O_strdup$O_memdup$D_lock_newO_dup_ex_dataO_freeO_mallocR_newR_set_debugR_set_errorX509_chain_up_refX509_up_ref
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\ssl_sess.c$ssl_session_dup
                                                                                                                                                                                                                                                  • API String ID: 1347456398-2356865551
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: R_newR_set_debug$D_unlock$D_read_lockmemset
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\ssl_sess.c$ssl_generate_session_id
                                                                                                                                                                                                                                                  • API String ID: 2442218550-3346574085
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: R_new$R_set_debug$O_free$Y_freeY_get1_encoded_public_key
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\statem\extensions_clnt.c$add_key_share$tls_construct_ctos_key_share
                                                                                                                                                                                                                                                  • API String ID: 2910640537-2776458525
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: O_mallocR_newR_set_debug$O_clear_freeO_freeX_freeX_new_from_pkeyY_encapsulate
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\s3_lib.c$ssl_encapsulate
                                                                                                                                                                                                                                                  • API String ID: 1298386825-1554727935
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: R_newR_set_debug$D_unlock$D_read_lockH_retrieve_time64memcmpmemcpy
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\ssl_sess.c$ssl_get_prev_session
                                                                                                                                                                                                                                                  • API String ID: 2856374240-1331951588
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: R_newR_set_debug$O_freeO_malloc
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\statem\extensions_clnt.c$tls_parse_stoc_alpn
                                                                                                                                                                                                                                                  • API String ID: 3068916411-3270594983
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: O_free$L_cleanse$D_lock_freeL_sk_pop_freeO_clear_freeO_free_ex_dataX509_free
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\ssl_sess.c
                                                                                                                                                                                                                                                  • API String ID: 4155952050-2868363209
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: R_newstrncmp$R_set_debugR_set_error
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\ssl_ciph.c$SECLEVEL=$STRENGTH$ssl_cipher_process_rulestr
                                                                                                                                                                                                                                                  • API String ID: 1163294807-331183818
                                                                                                                                                                                                                                                  • Opcode ID: 75b08b654c2f2e97f5e09b9c71eb3839d8696c64fca3119346ee776943bfacbe
                                                                                                                                                                                                                                                  • Instruction ID: 9a5742111d0e1e3288efd391a8d5139adc52f840eb527b8b6304fbfc2789c4a9
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 75b08b654c2f2e97f5e09b9c71eb3839d8696c64fca3119346ee776943bfacbe
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0FE18D72B0C68286F7748BA5A46077A7799FB847C4F505035FE8E63694DB3EEC418B80
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd938e0000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: R_newR_set_debugR_set_error$O_zalloc
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\ssl_sess.c$SSL_SESSION_new
                                                                                                                                                                                                                                                  • API String ID: 1179349375-402823876
                                                                                                                                                                                                                                                  • Opcode ID: 14345e81860665dd88fc5b21882cf9813976ce1dd4121f2083c28ab1b41d5a00
                                                                                                                                                                                                                                                  • Instruction ID: d51875ee2a77b9c8a912bbacfe8fdc9c5b3896d8a129c2b58f32a1356868fbcd
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 14345e81860665dd88fc5b21882cf9813976ce1dd4121f2083c28ab1b41d5a00
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8B41BE29B19742A1F764ABA1D4A57F92398FF84B44F844036DD4D67796DE3CE1418B00
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd938e0000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: O_free$E_freeX509_Y_free$D_lock_freeL_sk_pop_freeX509_free
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\ssl_cert.c
                                                                                                                                                                                                                                                  • API String ID: 3478116879-349359282
                                                                                                                                                                                                                                                  • Opcode ID: 73eeb4c5e27859a205d1f8c0647ef6662eeac154cd29ec974cee8680553f9db9
                                                                                                                                                                                                                                                  • Instruction ID: c0610403a88d990cd54361011936858aa9c88260f40e2c380dd2d44f003198f6
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 73eeb4c5e27859a205d1f8c0647ef6662eeac154cd29ec974cee8680553f9db9
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0D31C535B18B42A1EB64AFE5D4A03BD6328FB81B84F040031EE5E67696DF7CE5918740
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd938e0000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: R_newR_set_debug$N_bin2bnO_freeO_strdup
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\statem\statem_srvr.c$tls_process_cke_srp
                                                                                                                                                                                                                                                  • API String ID: 1764459405-322974352
                                                                                                                                                                                                                                                  • Opcode ID: 74c333397c072aa9a6ddeb2cb3c3bf286bb879a8a81ad5ee7a14a1ec330dcb4f
                                                                                                                                                                                                                                                  • Instruction ID: 2389acfb5dd7d83f94d241c3d0cb50a1d18942ad2d0879ca05ec9517b9e1a9e1
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 74c333397c072aa9a6ddeb2cb3c3bf286bb879a8a81ad5ee7a14a1ec330dcb4f
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C441AC65B18A43A5FB24ABF1E8327BA2358EF80B80F844031DD0E67792DE2DE5D1C740
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd938e0000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: R_newR_set_debugR_set_error$O_realloc
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\ssl_lib.c$dane_mtype_set
                                                                                                                                                                                                                                                  • API String ID: 945340710-1331952108
                                                                                                                                                                                                                                                  • Opcode ID: 0fb7b7cfeaf50520e69a1ec2a52772445afd1f7160cde6d5d69ac0a800822e94
                                                                                                                                                                                                                                                  • Instruction ID: c4b33cd20c41d32df28a2c9459047e79e927c85a076fd33ae7e4ffb5ae5192c5
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0fb7b7cfeaf50520e69a1ec2a52772445afd1f7160cde6d5d69ac0a800822e94
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7841246AB1978662E3259BA0E8607BA63A8FB04744F404031EE4C337D1DF3CE695C700
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd938e0000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: R_newR_set_debug$O_freeY_free
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\statem\statem_clnt.c$tls_construct_cke_ecdhe
                                                                                                                                                                                                                                                  • API String ID: 110670684-68429018
                                                                                                                                                                                                                                                  • Opcode ID: 19574f2e61a281cf3ab16a34cf9e91df21e7e9f984fe4a11bad3e619a205312a
                                                                                                                                                                                                                                                  • Instruction ID: 664f9d1e0b78d38e07dabdb8757682611aefb9a87e16cd2a62557bda24c58b2c
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 19574f2e61a281cf3ab16a34cf9e91df21e7e9f984fe4a11bad3e619a205312a
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8F41AC25B1C74262E734E7E2E8707AA2358AF95BC4F440032DD4E23AD6EF6CE5458B00
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: R_newR_set_debugR_set_error$O_freeO_strdup
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\s3_lib.c$ssl3_ctrl
                                                                                                                                                                                                                                                  • API String ID: 1111623124-3079590724
                                                                                                                                                                                                                                                  • Opcode ID: f81a6dad30362f2ac4d5aea5d7ea7990be999d68f5c66084f97cb660a3f56ef9
                                                                                                                                                                                                                                                  • Instruction ID: de5b74c462600a8b5d9fcb7be5c7173433c3de7e51f62cc9b880d449aeccac79
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f81a6dad30362f2ac4d5aea5d7ea7990be999d68f5c66084f97cb660a3f56ef9
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C031AE1DB2E642A9F7B4A7E4D8307FA2359AF45744F904032D90D22A96DF2DF889CB11
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: R_newR_set_debug$O_free
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\statem\statem_clnt.c$D:\a\1\s\include\internal/packet.h$tls_process_ske_psk_preamble
                                                                                                                                                                                                                                                  • API String ID: 1233037391-1906891150
                                                                                                                                                                                                                                                  • Opcode ID: c32beb0c017250df2eee1c67452449d6fc53f1958ce219b8d056d47456d4651c
                                                                                                                                                                                                                                                  • Instruction ID: 9217e92b73c4f75b3ff3bcd805879d1892e3e7842f03c9eece37348471a6dddb
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c32beb0c017250df2eee1c67452449d6fc53f1958ce219b8d056d47456d4651c
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6241B625F2C69191E330ABE5E4257EA6354FB44B84F440131EE8D27A96DF3CE591CB00
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: O_free$O_mallocmemset
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\record\rec_layer_d1.c$dtls1_buffer_record
                                                                                                                                                                                                                                                  • API String ID: 1168073369-935135588
                                                                                                                                                                                                                                                  • Opcode ID: bbb203ea5b1a93dd05b961416e493a5b80071b6bef534c061022f91b52cc2d7b
                                                                                                                                                                                                                                                  • Instruction ID: bbbb52fba1180b7e44548862a69fd4556a44febc63a1e3861ccb753da4b3723b
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: bbb203ea5b1a93dd05b961416e493a5b80071b6bef534c061022f91b52cc2d7b
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B2519016F18B8191E734EFB5E9603B96364EB95B84F445231EE4D27796EF2CE1C18700
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: N_free$O_free
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\tls_srp.c
                                                                                                                                                                                                                                                  • API String ID: 3506937590-1778748169
                                                                                                                                                                                                                                                  • Opcode ID: 6781f8122e26c314c91ead8aaa1f52217c11aaa97b0d55223e0b2e92c9ed18e1
                                                                                                                                                                                                                                                  • Instruction ID: fd970dfaa35c25bb29941e73fbc1371d8913008b379782f26131326cce1bd085
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6781f8122e26c314c91ead8aaa1f52217c11aaa97b0d55223e0b2e92c9ed18e1
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: BA212C16F14B8292E765EFB1C8B53FC1328EBD4B48F086231FE5C5A256DF28A6D18710
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: R_newR_set_debug$O_freeO_malloc
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\statem\extensions_clnt.c$tls_parse_stoc_sct
                                                                                                                                                                                                                                                  • API String ID: 3068916411-3063144252
                                                                                                                                                                                                                                                  • Opcode ID: e3209f3bc727a2dd651899e6b245957a50e1b701d0121b7429ae77e6ae27f439
                                                                                                                                                                                                                                                  • Instruction ID: 77e7a0ee3068a64bf116b3db11fd4138eb2b6e3374f18908c40f23c03bc79788
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e3209f3bc727a2dd651899e6b245957a50e1b701d0121b7429ae77e6ae27f439
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E241E465B08B42A1E374ABD2E8217EA6398EF84B80F580030ED4E27BD5DF7DE180C700
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: R_new$R_set_debug$O_malloc
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\statem\statem_clnt.c$tls_process_cert_status_body
                                                                                                                                                                                                                                                  • API String ID: 2635154176-3889181619
                                                                                                                                                                                                                                                  • Opcode ID: 5fcd6836c9caa6e40f406a546cb1020a66fccfedf7f6b9b8c4a4320bd35a03f7
                                                                                                                                                                                                                                                  • Instruction ID: 65c96b775a303b9aa9b4f955fe444ecc100034ef8cb6704b71a11114e94e1ffe
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5fcd6836c9caa6e40f406a546cb1020a66fccfedf7f6b9b8c4a4320bd35a03f7
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1F41C321B18B51A1E764ABE1E8207BD6398FF45B80F844032EA4E27BD6DF2CE5918700
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: O_freeR_newR_set_debug$Y_freeY_get1_encoded_public_key
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\statem\extensions_clnt.c$add_key_share
                                                                                                                                                                                                                                                  • API String ID: 2306805868-2958431780
                                                                                                                                                                                                                                                  • Opcode ID: 0effa3f28fd81e029e1e2bef8d3d4f795195dbca90a63bb6ef66fcf9d34d6eaf
                                                                                                                                                                                                                                                  • Instruction ID: 4e1e19ed83bd8ecc37ea012bd7ab46e369c4755f3a3ee426b15f63d50a0cbfeb
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0effa3f28fd81e029e1e2bef8d3d4f795195dbca90a63bb6ef66fcf9d34d6eaf
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4F41B365B0C642A1EB74B7D5E8647BA2398EF45BC4F140431EE8D27BEADE7DD5808700
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\s3_enc.c$ssl3_setup_key_block
                                                                                                                                                                                                                                                  • API String ID: 0-2303705756
                                                                                                                                                                                                                                                  • Opcode ID: 7ab0987e915193302a3a42c673fd026e7866da21d55a71d85de0a0bc2a63dbcb
                                                                                                                                                                                                                                                  • Instruction ID: 8375ae3701d99f611a2a511eb0e637a05d1456ff47c81385b6741d53be2ecd55
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7ab0987e915193302a3a42c673fd026e7866da21d55a71d85de0a0bc2a63dbcb
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C851A036B08B8596E778EBA5E1643EDB3A8FB88B80F400135EB5C53745DF79E1618B40
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: O_free$L_cleanse
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\record\rec_layer_d1.c
                                                                                                                                                                                                                                                  • API String ID: 927910673-1306860146
                                                                                                                                                                                                                                                  • Opcode ID: 87c20ce79d9b1f955aa4e8903e29a6a14f52e0d8b90f8ee282dfd8fdd339abbe
                                                                                                                                                                                                                                                  • Instruction ID: 194e458729ecb0548e190c402cca9474701cb362acc00d5997b2733e27d25bb4
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 87c20ce79d9b1f955aa4e8903e29a6a14f52e0d8b90f8ee282dfd8fdd339abbe
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7D515C66B15B4291EB24EFA6D4A03692368FBC8F84F049135DE4D27B5ADF28E481C700
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
• Associated: 00000002.00000002.3402396346.00007FFD938E0000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000002.00000002.3402421171.00007FFD93962000.00000020.00000001.01000000.00000012.sdmp
• Associated: 00000002.00000002.3402499141.00007FFD93964000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000002.00000002.3402529671.00007FFD9398C000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000002.00000002.3402551633.00007FFD93991000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000002.00000002.3402551633.00007FFD93997000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000002.00000002.3402551633.00007FFD9399F000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd938e0000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: R_newR_set_debug$O_freeO_memdup
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\statem\statem_srvr.c$D:\a\1\s\include\internal/packet.h$tls_process_next_proto
                                                                                                                                                                                                                                                  • API String ID: 3243760035-2889161144
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd938e0000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: R_newR_set_debug$O_freeO_memdup
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\statem\statem_srvr.c$D:\a\1\s\include\internal/packet.h$tls_process_next_proto
                                                                                                                                                                                                                                                  • API String ID: 3243760035-2889161144
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd938e0000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: O_mallocR_newR_set_debugR_set_error
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\t1_lib.c$tls1_set_sigalgs
                                                                                                                                                                                                                                                  • API String ID: 2261483606-2076144160
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd938e0000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: O_mallocR_newR_set_debugR_set_error
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\t1_lib.c$tls1_set_raw_sigalgs
                                                                                                                                                                                                                                                  • API String ID: 2261483606-2202831108
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd938e0000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: O_malloc$O_freeR_newR_set_debug
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\record\ssl3_buffer.c$ssl3_setup_read_buffer$ssl3_setup_write_buffer
                                                                                                                                                                                                                                                  • API String ID: 2137838121-2302522825
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
• Associated: 00000002.00000002.3402396346.00007FFD938E0000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000002.00000002.3402421171.00007FFD93962000.00000020.00000001.01000000.00000012.sdmp
• Associated: 00000002.00000002.3402499141.00007FFD93964000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000002.00000002.3402529671.00007FFD9398C000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000002.00000002.3402551633.00007FFD93991000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000002.00000002.3402551633.00007FFD93997000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000002.00000002.3402551633.00007FFD9399F000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd938e0000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: R_newR_set_debug$O_mallocmemcpy
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\statem\extensions_clnt.c$tls_construct_ctos_session_ticket
                                                                                                                                                                                                                                                  • API String ID: 1077327330-3277354937
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd938e0000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: O_freeO_mallocR_pop_to_markX_freeX_new_from_pkeyY_freeY_set_type
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\t1_lib.c
                                                                                                                                                                                                                                                  • API String ID: 355840433-1643863364
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd938e0000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: O_free$O_memdupR_newR_set_debugR_set_error
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\ssl_lib.c$SSL_CTX_set_alpn_protos
                                                                                                                                                                                                                                                  • API String ID: 4248801101-316209205
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd938e0000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: O_free$O_mallocR_newR_set_debugR_set_error
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\t1_lib.c$tls1_save_u16
                                                                                                                                                                                                                                                  • API String ID: 1304317871-3868075628
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd938e0000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 313767242-0
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: %02x$..\s\ssl\ssl_lib.c$nss_keylog_int
                                                                                                                                                                                                                                                  • API String ID: 0-321016803
                                                                                                                                                                                                                                                  • Opcode ID: 46b257941670f0170780c4bea91d59f85c5130b6669692529197f8fcf2474ec3
                                                                                                                                                                                                                                                  • Instruction ID: 2a6577c5b32b31000292313a6ef9aec2b6d3c83b6ef0d62fc00e8123dbbb4adf
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 46b257941670f0170780c4bea91d59f85c5130b6669692529197f8fcf2474ec3
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0C510827B0D78296EB619F99F46036A6798FB45B84F480036DE8D27796DF3DE041C700
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: O_freeO_zallocR_newR_set_debugR_set_error
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\ssl_ciph.c$ssl_cipher_strength_sort
                                                                                                                                                                                                                                                  • API String ID: 2487674020-1223572542
                                                                                                                                                                                                                                                  • Opcode ID: b04ef35ca2b519efab378e83bc892820f751471ee896cde5e0915d34dc851a37
                                                                                                                                                                                                                                                  • Instruction ID: f0095d9b14cee98032bfc2f00343b17a03f699e983bcea5ef0c9b9ab5ba7b342
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b04ef35ca2b519efab378e83bc892820f751471ee896cde5e0915d34dc851a37
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: FE41D076B14B4186FA24CF91E5606B937A9FB44BC0F508432EE0C63745EF3AE980C780
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: O_freeO_memdup
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\statem\extensions_cust.c
                                                                                                                                                                                                                                                  • API String ID: 3962629258-3973221358
                                                                                                                                                                                                                                                  • Opcode ID: f513b24519971439065d8ac0baefa25f29694b2f961c74c5c8df209c3117cd2f
                                                                                                                                                                                                                                                  • Instruction ID: c4d7a5d3f591393d0c7df1b3426bf8acea744ecea6f43208aa204092b5c75877
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f513b24519971439065d8ac0baefa25f29694b2f961c74c5c8df209c3117cd2f
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E641A276B09B46A1EB34DB81F4A07A963A8FB44B88F054136DE9D17B90EF7CE590C300
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • ERR_new.LIBCRYPTO-3 ref: 00007FFD9395BC1A
                                                                                                                                                                                                                                                  • ERR_set_debug.LIBCRYPTO-3 ref: 00007FFD9395BC32
                                                                                                                                                                                                                                                  • CRYPTO_clear_free.LIBCRYPTO-3 ref: 00007FFD9395BD30
                                                                                                                                                                                                                                                    • Part of subcall function 00007FFD93959F10: ERR_new.LIBCRYPTO-3(?,?,00007FFD9395BC05), ref: 00007FFD93959F9D
                                                                                                                                                                                                                                                    • Part of subcall function 00007FFD93959F10: ERR_set_debug.LIBCRYPTO-3(?,?,00007FFD9395BC05), ref: 00007FFD93959FB5
                                                                                                                                                                                                                                                    • Part of subcall function 00007FFD938E1CEE: CRYPTO_malloc.LIBCRYPTO-3 ref: 00007FFD938EFC82
                                                                                                                                                                                                                                                    • Part of subcall function 00007FFD938E1CEE: memset.VCRUNTIME140 ref: 00007FFD938EFCB0
                                                                                                                                                                                                                                                    • Part of subcall function 00007FFD938E1CEE: memcpy.VCRUNTIME140 ref: 00007FFD938EFCE5
                                                                                                                                                                                                                                                    • Part of subcall function 00007FFD938E1CEE: CRYPTO_clear_free.LIBCRYPTO-3 ref: 00007FFD938EFD01
                                                                                                                                                                                                                                                    • Part of subcall function 00007FFD938E1CEE: CRYPTO_clear_free.LIBCRYPTO-3 ref: 00007FFD938EFD5A
                                                                                                                                                                                                                                                    • Part of subcall function 00007FFD938E1CEE: CRYPTO_clear_free.LIBCRYPTO-3 ref: 00007FFD938EFDD2
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: O_clear_free$R_newR_set_debug$O_mallocmemcpymemset
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\statem\statem_srvr.c$tls_process_client_key_exchange
                                                                                                                                                                                                                                                  • API String ID: 1067245891-2687227884
                                                                                                                                                                                                                                                  • Opcode ID: 4347a22b7538b2f0fac3c4a6be788767f3649102e8d0188d1ae8a515132bdfe7
                                                                                                                                                                                                                                                  • Instruction ID: e588389bca3ec81271411ba3d34279410067c4eb1affa220a74534e6fe2b0a87
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4347a22b7538b2f0fac3c4a6be788767f3649102e8d0188d1ae8a515132bdfe7
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6E412E61B1C74364F6749BE9E8767BA1399AF44B80F544032DD0F67BDACE6CE4818704
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402396346.00007FFD938E0000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402421171.00007FFD93962000.00000020.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402499141.00007FFD93964000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402529671.00007FFD9398C000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402551633.00007FFD93991000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402551633.00007FFD93997000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402551633.00007FFD9399F000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd938e0000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: D_run_once$R_newR_set_debugR_set_error
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\ssl_init.c$OPENSSL_init_ssl
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: O_freeO_strdupR_newR_set_debugR_set_error
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\ssl_lib.c$SSL_CTX_use_psk_identity_hint
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: O_free$F_parse_listO_mallocO_memdup
                                                                                                                                                                                                                                                  • String ID: ($..\s\ssl\t1_lib.c
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: O_mallocR_newR_set_debugR_set_error
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\record\rec_layer_d1.c$DTLS_RECORD_LAYER_new
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: O_free$R_newR_set_debug
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\statem\statem_clnt.c$tls_process_encrypted_extensions
                                                                                                                                                                                                                                                  • API String ID: 3271392029-215004271
                                                                                                                                                                                                                                                  • Opcode ID: 722d444f2522c4f7b79969b85d7b454d2b473e7931e03076ba07f6d6bf35ef80
                                                                                                                                                                                                                                                  • Instruction ID: f20e50d2a2a04397c0bee8dbd1f7a5488eeab482ba0a010a021e0e42bc02bcf9
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 722d444f2522c4f7b79969b85d7b454d2b473e7931e03076ba07f6d6bf35ef80
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E831C872B2C79191EB609BD1F4543AAA798FB847D8F044131EA8D67B4DDF7CD1908B00
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd938e0000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: O_free$R_newR_set_debug
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\statem\statem_clnt.c$tls_process_encrypted_extensions
                                                                                                                                                                                                                                                  • API String ID: 3271392029-215004271
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd938e0000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: O_mallocR_newR_set_debugmemcpy
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\statem\statem_lib.c$construct_key_exchange_tbs
                                                                                                                                                                                                                                                  • API String ID: 3542074325-1491770217
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd938e0000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: O_zallocR_newR_set_debugR_set_error
                                                                                                                                                                                                                                                  • String ID: ..\s\crypto\packet.c$wpacket_intern_init_len
                                                                                                                                                                                                                                                  • API String ID: 3755831613-2385383871
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd938e0000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: O_freeX509_i2d_$memcmp
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\ssl_cert.c
                                                                                                                                                                                                                                                  • API String ID: 1487052844-349359282
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd938e0000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: O_zallocR_newR_set_debugR_set_error
                                                                                                                                                                                                                                                  • String ID: ..\s\crypto\packet.c$wpacket_intern_init_len
                                                                                                                                                                                                                                                  • API String ID: 3755831613-2385383871
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • CRYPTO_free.LIBCRYPTO-3(?,00000000,?,?,?,00007FFD9394ADAD), ref: 00007FFD9394B260
                                                                                                                                                                                                                                                  • CRYPTO_free.LIBCRYPTO-3(?,00000000,?,?,?,00007FFD9394ADAD), ref: 00007FFD9394B276
                                                                                                                                                                                                                                                  • CRYPTO_free.LIBCRYPTO-3(?,00000000,?,?,?,00007FFD9394ADAD), ref: 00007FFD9394B28B
                                                                                                                                                                                                                                                    • Part of subcall function 00007FFD9394A930: CRYPTO_zalloc.LIBCRYPTO-3(?,00007FFD93949E38), ref: 00007FFD9394A96B
                                                                                                                                                                                                                                                    • Part of subcall function 00007FFD9394A930: ERR_new.LIBCRYPTO-3(?,00007FFD93949E38), ref: 00007FFD9394A978
                                                                                                                                                                                                                                                    • Part of subcall function 00007FFD9394A930: ERR_set_debug.LIBCRYPTO-3(?,00007FFD93949E38), ref: 00007FFD9394A98E
                                                                                                                                                                                                                                                    • Part of subcall function 00007FFD9394A930: ERR_set_error.LIBCRYPTO-3(?,00007FFD93949E38), ref: 00007FFD9394A99E
                                                                                                                                                                                                                                                  • CRYPTO_free.LIBCRYPTO-3(?,00000000,?,?,?,00007FFD9394ADAD), ref: 00007FFD9394B41D
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402396346.00007FFD938E0000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402421171.00007FFD93962000.00000020.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402499141.00007FFD93964000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402529671.00007FFD9398C000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402551633.00007FFD93991000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402551633.00007FFD93997000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402551633.00007FFD9399F000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: O_free$O_zallocR_newR_set_debugR_set_error
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\statem\statem_dtls.c
                                                                                                                                                                                                                                                  • API String ID: 346603204-3140652063
                                                                                                                                                                                                                                                  • Opcode ID: ef80318c4711b4b759b5a82d33388bf0b19f1c365fadacbfa456b2f4d669c9f1
                                                                                                                                                                                                                                                  • Instruction ID: d058933ccc51e738951edf5a6131dbaae4a1a96fe23c88b4371a025ac8ef5eb3
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ef80318c4711b4b759b5a82d33388bf0b19f1c365fadacbfa456b2f4d669c9f1
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: ECA1F172708A9592EB34CB65D8642BE77A4FB55B84F044232DB8E53B86EF3CE194C740
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: O_free
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\statem\extensions_clnt.c$tls_construct_ctos_cookie
                                                                                                                                                                                                                                                  • API String ID: 2581946324-1257894829
                                                                                                                                                                                                                                                  • Opcode ID: 71d92291d3b78b7b1c5af275acf163bb73349c58d5933bb904c1c39a485cacda
                                                                                                                                                                                                                                                  • Instruction ID: 57ad3e429c95ea5064efd1a6cf091bea4e7ff78f9d901f04d73a43e7b53ac5fc
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 71d92291d3b78b7b1c5af275acf163bb73349c58d5933bb904c1c39a485cacda
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 472192A5B18646A1F774BB92E5607BA2358EF44BC8F180031EE4D6BBDADF2CD541C710
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: O_clear_freeR_newR_set_debug
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\statem\statem_clnt.c$tls_client_key_exchange_post_work
                                                                                                                                                                                                                                                  • API String ID: 868266018-2346923134
                                                                                                                                                                                                                                                  • Opcode ID: de79e8b39e11c8c62ec5b26a70c4fe3dacaf3cab57f0f9421278fbee4736eca7
                                                                                                                                                                                                                                                  • Instruction ID: fc221adbffe8c17a06ceb45cae3c81afdc9ed5649cd003933550e22d5a10862d
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: de79e8b39e11c8c62ec5b26a70c4fe3dacaf3cab57f0f9421278fbee4736eca7
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 80115125B1875662F7B4ABE29A257B96358BF44FC4F480132DD4E777CACE2CE5418B00
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: L_sk_pop_freeO_freeX509_freeY_free
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\ssl_cert.c
                                                                                                                                                                                                                                                  • API String ID: 1247630535-349359282
                                                                                                                                                                                                                                                  • Opcode ID: 24b314e282b566103a9c86e58b143d12934b6053f160aa45369882e913cf9f7a
                                                                                                                                                                                                                                                  • Instruction ID: 9d64774e3b501e430de1e7a3627ed855dbaa971eaf2d5d3ed80df7bfa9809673
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 24b314e282b566103a9c86e58b143d12934b6053f160aa45369882e913cf9f7a
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: CC01A13AB18B5191E760ABA5E0A02AD3368FB84F88F040131EF8D67B49CF7CD651C780
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: D_unlock$D_read_lockH_retrievememcpy
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 3379989983-0
                                                                                                                                                                                                                                                  • Opcode ID: b56bc4609a403205738e1537f0386d817e3d71f52d62407c5673418f8bd9494f
                                                                                                                                                                                                                                                  • Instruction ID: 5042c778425baf949060e2213fdeed1b5b0147b44bdc5bb4593f874a2c6a0bb6
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b56bc4609a403205738e1537f0386d817e3d71f52d62407c5673418f8bd9494f
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2A31086AB1AA8296EA75ABD2D4603B97368FF84F88F044032DE0D57791EF3CE051C700
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: D_bytes_exO_mallocmemset
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\record\tls_pad.c
                                                                                                                                                                                                                                                  • API String ID: 2022753641-3631836059
                                                                                                                                                                                                                                                  • Opcode ID: 20b6bad2e288fa1953e84d48e46959ade97dca001cf6e78dcd1cc0bfb829beb0
                                                                                                                                                                                                                                                  • Instruction ID: 7e8a453d568a1eed8201ca319d22b84034980bdf28a32002b3b515933508e628
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 20b6bad2e288fa1953e84d48e46959ade97dca001cf6e78dcd1cc0bfb829beb0
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4A610233718B845AEA71CFA1E420BEAA7A5F749B88F084131EE9D47B84EE3CD145C700
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: O_freeO_strdup
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\ssl_conf.c$gfffffff
                                                                                                                                                                                                                                                  • API String ID: 2148955802-4123734156
                                                                                                                                                                                                                                                  • Opcode ID: f6d5f6f74aca4813406220e93ac092d3ea3d90d5a024274672e554b65dd5b593
                                                                                                                                                                                                                                                  • Instruction ID: f900809395ea020ae0f5d5745581b63fdc8d1b0f67496ccb8d339c28b487050b
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f6d5f6f74aca4813406220e93ac092d3ea3d90d5a024274672e554b65dd5b593
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8921C172B15B4585EF64DFA6E45026923A5EBC8FC4F194435DE0D97759DF2CE4008780
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: D_unlockD_write_lockH_deleteH_retrieve
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 3040165603-0
                                                                                                                                                                                                                                                  • Opcode ID: 0d87fcf42db8673e3f88437e4a9e79d483f35fda6575fe151577583f46c793ef
                                                                                                                                                                                                                                                  • Instruction ID: 111c9512fcbd2e2a48cfec1fcbf8af71c6f2825990b8f6e66c0e6d9e8f9f92b0
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0d87fcf42db8673e3f88437e4a9e79d483f35fda6575fe151577583f46c793ef
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B1219365F1AB9255EB64BB92A52037DA398BF84FC4F081131EE4D67B89CF3CD4408700
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: O_free
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\statem\extensions.c
                                                                                                                                                                                                                                                  • API String ID: 2581946324-1165805907
                                                                                                                                                                                                                                                  • Opcode ID: 4721d8e21139d140ba5e5aeca6091ef62695f224bc40ffbc63c354977b575d49
                                                                                                                                                                                                                                                  • Instruction ID: 9d6773092e8f391e8724b12ca72c175b2733b96e4841890ccbcd9c3d86b10020
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4721d8e21139d140ba5e5aeca6091ef62695f224bc40ffbc63c354977b575d49
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1C01F4B6B04B4185D7509F55E8503AA73A8EB45F88F58403ADF4D07B9ADE3CC485C724
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd938e0000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: O_freeO_memdup
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\s3_lib.c
                                                                                                                                                                                                                                                  • API String ID: 3962629258-4238427508
                                                                                                                                                                                                                                                  • Opcode ID: b3154613f53ef167ab7daa8a0e1c38d679cf26e8b6900d9a2b3324e2e10337e5
                                                                                                                                                                                                                                                  • Instruction ID: e218e93dd93f24cb85552f77cb99eda705e3f997386ae0595f0bc3d4ce67af15
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b3154613f53ef167ab7daa8a0e1c38d679cf26e8b6900d9a2b3324e2e10337e5
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6D014431B1AB8151EBA9DB95E4503E9A394FF48BC4F484031EF5C57B49DF2DE5A18700
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: O_freeO_memdup
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\ssl_sess.c
                                                                                                                                                                                                                                                  • API String ID: 3962629258-2868363209
                                                                                                                                                                                                                                                  • Opcode ID: 83ba57ea2f63e5d25bc25b3a12f57e5ab8c16677182ba9d2e40e584531579eb6
                                                                                                                                                                                                                                                  • Instruction ID: f0e707e41100f541fbbcb05173af6a09f26d474a0f4924c739c02bbe9bc0c062
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 83ba57ea2f63e5d25bc25b3a12f57e5ab8c16677182ba9d2e40e584531579eb6
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0E01C429B09F9191E7A18B96E4603A96398FF48FC4F084130EE5D67B89DE2CD5828700
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: O_freeO_memdup
                                                                                                                                                                                                                                                  • String ID: D:\a\1\s\include\internal/packet.h
                                                                                                                                                                                                                                                  • API String ID: 3962629258-2521442236
                                                                                                                                                                                                                                                  • Opcode ID: a85e3e8a24e4eeb428877a109fc4a13ce6daae351462691f4826fbe199c60bae
                                                                                                                                                                                                                                                  • Instruction ID: 5d31aa7b2df22b7ec84acddeba3f8729d0dd535fd635aa46b43dc7c1ce8fa05d
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a85e3e8a24e4eeb428877a109fc4a13ce6daae351462691f4826fbe199c60bae
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9A012132716B4191E7609F82F89065A63A8FB58BC0F088431EF8D57B45DE3CD5518700
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: O_freeO_memdup
                                                                                                                                                                                                                                                  • String ID: D:\a\1\s\include\internal/packet.h
                                                                                                                                                                                                                                                  • API String ID: 3962629258-2521442236
                                                                                                                                                                                                                                                  • Opcode ID: 5c9a391c5fce4b3c39c833a93ec03fc47235617262c5e6ce7e8a3ffd3ad7be05
                                                                                                                                                                                                                                                  • Instruction ID: c21059a90d670b6f06fa4d062ea21170f491a3afbd38cf5c36206ae9d050adda
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5c9a391c5fce4b3c39c833a93ec03fc47235617262c5e6ce7e8a3ffd3ad7be05
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: BA014F32716B4291EB60DF82F89069A73A8FB58BC0F488431EF8C57B59EE3CD5518700
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: O_freeO_memdup
                                                                                                                                                                                                                                                  • String ID: D:\a\1\s\include\internal/packet.h
                                                                                                                                                                                                                                                  • API String ID: 3962629258-2521442236
                                                                                                                                                                                                                                                  • Opcode ID: 7a12c30d039aab29ca18a9a7f49df08bc5c3acf6ca22f1b678d7b131251c0348
                                                                                                                                                                                                                                                  • Instruction ID: bc85544a13020720a5dc63645be158cca174117efcbbcbd0d68bccbb4b9558da
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7a12c30d039aab29ca18a9a7f49df08bc5c3acf6ca22f1b678d7b131251c0348
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8A012C3271AB4291EB609F82E89069A6368FB58BC0F088431EF8C57B45EE3CD5518700
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd938e0000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: O_freeO_memdup
                                                                                                                                                                                                                                                  • String ID: D:\a\1\s\include\internal/packet.h
                                                                                                                                                                                                                                                  • API String ID: 3962629258-2521442236
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd938e0000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: O_freeO_strndup
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\ssl_asn1.c
                                                                                                                                                                                                                                                  • API String ID: 2641571835-3659835543
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd938e0000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: O_freeO_strdup
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\ssl_sess.c
                                                                                                                                                                                                                                                  • API String ID: 2148955802-2868363209
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd938e0000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: O_freeO_strndup
                                                                                                                                                                                                                                                  • String ID: D:\a\1\s\include\internal/packet.h
                                                                                                                                                                                                                                                  • API String ID: 2641571835-2521442236
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd938e0000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: L_cleanseO_free
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\record\ssl3_buffer.c
                                                                                                                                                                                                                                                  • API String ID: 4015144264-837614940
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd938e0000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: O_free
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\record\ssl3_buffer.c
                                                                                                                                                                                                                                                  • API String ID: 2581946324-837614940
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                    • Part of subcall function 00007FFD938E4FA0: CRYPTO_free.LIBCRYPTO-3(?,?,?,?,?,00007FFD938E412F), ref: 00007FFD938E5094
                                                                                                                                                                                                                                                  • CRYPTO_free.LIBCRYPTO-3 ref: 00007FFD938E4146
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd938e0000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: O_free
                                                                                                                                                                                                                                                  • String ID: ..\s\crypto\packet.c
                                                                                                                                                                                                                                                  • API String ID: 2581946324-3021818708
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd938e0000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: O_free
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\record\rec_layer_d1.c
                                                                                                                                                                                                                                                  • API String ID: 2581946324-1306860146
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd938e0000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: O_get_ex_new_index
                                                                                                                                                                                                                                                  • String ID: SSL for verify callback
                                                                                                                                                                                                                                                  • API String ID: 3987194240-2900698531
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd938e0000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: O_free
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\s3_lib.c
                                                                                                                                                                                                                                                  • API String ID: 2581946324-4238427508
                                                                                                                                                                                                                                                  • Opcode ID: 6350cf16a9c0d126380f3fa9b0e1836d1dc1cf503f95eea3ecfac14a546e38b6
                                                                                                                                                                                                                                                  • Instruction ID: 9ec569082ca9fd1f5e83aae55ce2a2be88254fd0dd59fa1a7bfd739e1d8edbff
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6350cf16a9c0d126380f3fa9b0e1836d1dc1cf503f95eea3ecfac14a546e38b6
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A0E08626708B4180E750AB99F4403986319E781BE8F084032DF0C0BA49CE79D4D69711
                                                                                                                                                                                                                                                  Memory Dump Source
• Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
• Associated: 00000002.00000002.3402396346.00007FFD938E0000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000002.00000002.3402421171.00007FFD93962000.00000020.00000001.01000000.00000012.sdmp
• Associated: 00000002.00000002.3402499141.00007FFD93964000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000002.00000002.3402529671.00007FFD9398C000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000002.00000002.3402551633.00007FFD93991000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000002.00000002.3402551633.00007FFD93997000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000002.00000002.3402551633.00007FFD9399F000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: O_free
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\statem\extensions.c
                                                                                                                                                                                                                                                  • API String ID: 2581946324-1165805907
                                                                                                                                                                                                                                                  • Opcode ID: 496e81ba4a152e5f5996a1ac003a677bc8841543c4498346642b06517555573c
                                                                                                                                                                                                                                                  • Instruction ID: 8a5b428d702aa96672da325dd3fa1a4b20cb9348da2cfbd0aa12442896740517
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 496e81ba4a152e5f5996a1ac003a677bc8841543c4498346642b06517555573c
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C6E012A6B056408AE795A7A5D8153D52398FB48B44F840130ED4DC7781EF5982918710
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: O_free
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\statem\extensions.c
                                                                                                                                                                                                                                                  • API String ID: 2581946324-1165805907
                                                                                                                                                                                                                                                  • Opcode ID: 19486f1f70c6fc214faf183a925b9ec0f1369ca687dbcddd0267e641ce2128b8
                                                                                                                                                                                                                                                  • Instruction ID: 2886cc445b7953e85629586336b6cc6ead7ee1a08bc5894a487990c40858a2c7
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 19486f1f70c6fc214faf183a925b9ec0f1369ca687dbcddd0267e641ce2128b8
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 90E012A5B017405AE7D1A7A5D8553D5239CEB49F44F540031DD4DC7782ED5982D18710
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: O_clear_free
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\s3_enc.c
                                                                                                                                                                                                                                                  • API String ID: 2011826501-1839494539
                                                                                                                                                                                                                                                  • Opcode ID: a3fd00c98839b7e8c1664afbc487672423ed4b4892010f20281f31aa65610e19
                                                                                                                                                                                                                                                  • Instruction ID: 77cc80f0dbc48c89743763143d0c612d246200e30bee8f5b69ff4d829da0b65d
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a3fd00c98839b7e8c1664afbc487672423ed4b4892010f20281f31aa65610e19
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: CCE08C72B06B4582D791ABA5E8143D823A8EB0CB48F480031E90C9B351EE28C3938380
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: O_free
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\t1_lib.c
                                                                                                                                                                                                                                                  • API String ID: 2581946324-1643863364
                                                                                                                                                                                                                                                  • Opcode ID: b393b900e37ea5ef3f3a429c33ed7b3b8c7153a8668125abedf165aa69c8d630
                                                                                                                                                                                                                                                  • Instruction ID: 43c7c4aa189cc7ca1426fcafd206f035a90031ce796f70e9c18290dd8d63b9f3
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b393b900e37ea5ef3f3a429c33ed7b3b8c7153a8668125abedf165aa69c8d630
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B3D05E11F19106A1EB74B7D6D8617FC2328EB89F40F540131ED1E67B92DD1DA68A9700
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: D_unlockD_write_lock
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
• Associated: 00000002.00000002.3402396346.00007FFD938E0000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000002.00000002.3402421171.00007FFD93962000.00000020.00000001.01000000.00000012.sdmp
• Associated: 00000002.00000002.3402499141.00007FFD93964000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000002.00000002.3402529671.00007FFD9398C000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000002.00000002.3402551633.00007FFD93991000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000002.00000002.3402551633.00007FFD93997000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000002.00000002.3402551633.00007FFD9399F000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd938e0000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: D_unlockD_write_lock
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd938e0000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: D_run_once
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd938e0000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: D_run_once
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd938e0000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: R_newR_set_debug$X_new$D_get_typeO_ctrlO_freeX_copy_exX_freeX_get0_md
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\s3_enc.c$ssl3-ms$ssl3_digest_cached_records$ssl3_final_finish_mac
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd938e0000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: O_printf$O_indent$O_puts$X509_$E_freed2i_
                                                                                                                                                                                                                                                  • String ID: %s (%d)$%s (0x%04x)$<UNPARSEABLE DN>$DistinguishedName (len=%d): $UNKNOWN$certificate_authorities (len=%d)$certificate_types (len=%d)$request_context$request_extensions$signature_algorithms (len=%d)
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd938e0000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Digest$Update$Final_exX_copy_exX_freeX_get0_mdmemcpy$D_get_sizeR_get_modeX_get0_cipherX_new
                                                                                                                                                                                                                                                  • String ID: 666666666666666666666666666666666666666666666666\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • ERR_new.LIBCRYPTO-3(?,?,?,?,00000020,?,?,00007FFD939127C0), ref: 00007FFD93911315
                                                                                                                                                                                                                                                  • ERR_set_debug.LIBCRYPTO-3(?,?,?,?,00000020,?,?,00007FFD939127C0), ref: 00007FFD93911333
                                                                                                                                                                                                                                                  • ERR_set_debug.LIBCRYPTO-3(?,?,?,?,00000020,?,?,00007FFD939127C0), ref: 00007FFD93911358
                                                                                                                                                                                                                                                  • ERR_set_error.LIBCRYPTO-3(?,?,?,?,00000020,?,?,00007FFD939127C0), ref: 00007FFD93911369
                                                                                                                                                                                                                                                  • EVP_MD_get0_name.LIBCRYPTO-3(?,?,?,?,00000020,?,?,00007FFD939127C0), ref: 00007FFD939113C5
                                                                                                                                                                                                                                                  • OSSL_PARAM_construct_octet_string.LIBCRYPTO-3(?,?,?,?,00000020,?,?,00007FFD939127C0), ref: 00007FFD93911440
                                                                                                                                                                                                                                                  • OSSL_PARAM_construct_octet_string.LIBCRYPTO-3(?,?,?,?,00000020,?,?,00007FFD939127C0), ref: 00007FFD93911472
                                                                                                                                                                                                                                                  • OSSL_PARAM_construct_octet_string.LIBCRYPTO-3(?,?,?,?,00000020,?,?,00007FFD939127C0), ref: 00007FFD939114A6
                                                                                                                                                                                                                                                  • OSSL_PARAM_construct_octet_string.LIBCRYPTO-3(?,?,?,?,00000020,?,?,00007FFD939127C0), ref: 00007FFD939114DA
                                                                                                                                                                                                                                                  • OSSL_PARAM_construct_octet_string.LIBCRYPTO-3(?,?,?,?,00000020,?,?,00007FFD939127C0), ref: 00007FFD93911511
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd938e0000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: M_construct_octet_string$R_set_debug$D_get0_nameR_newR_set_error
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\t1_enc.c$TLS1-PRF$digest$secret$seed$tls1_PRF
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd938e0000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Digest$Update$Final_exInit_ex$L_cleanseR_newR_set_debugX_freeX_new
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\s3_enc.c$ssl3_generate_master_secret
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd938e0000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: R_newR_set_debug$O_ctrlO_freeO_newO_s_fileR_set_errorX509_free
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\ssl_rsa.c$SSL_CTX_use_certificate_file
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • BIO_indent.LIBCRYPTO-3(?,?,?,?,?,?,?,00007FFD9391D7CC), ref: 00007FFD9391E23B
                                                                                                                                                                                                                                                  • BIO_indent.LIBCRYPTO-3(?,?,?,?,?,?,?,00007FFD9391D7CC), ref: 00007FFD9391E3E7
                                                                                                                                                                                                                                                  • BIO_puts.LIBCRYPTO-3(?,?,?,?,?,?,?,00007FFD9391D7CC), ref: 00007FFD9391E3FD
                                                                                                                                                                                                                                                  • BIO_puts.LIBCRYPTO-3(?,?,?,?,?,?,?,00007FFD9391D7CC), ref: 00007FFD9391E415
                                                                                                                                                                                                                                                  • BIO_printf.LIBCRYPTO-3(?,?,?,?,?,?,?,00007FFD9391D7CC), ref: 00007FFD9391E24F
                                                                                                                                                                                                                                                    • Part of subcall function 00007FFD9391DBC0: BIO_printf.LIBCRYPTO-3(?,00007FFD9391B04A), ref: 00007FFD9391DC04
                                                                                                                                                                                                                                                    • Part of subcall function 00007FFD9391DBC0: BIO_printf.LIBCRYPTO-3(?,00007FFD9391B04A), ref: 00007FFD9391DC1F
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402396346.00007FFD938E0000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402421171.00007FFD93962000.00000020.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402499141.00007FFD93964000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402529671.00007FFD9398C000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402551633.00007FFD93991000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402551633.00007FFD93997000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402551633.00007FFD9399F000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd938e0000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: O_printf$O_indentO_puts
                                                                                                                                                                                                                                                  • String ID: KeyExchangeAlgorithm=%s$UNKNOWN$UNKNOWN CURVE PARAMETER TYPE %d$dh_Ys$dh_g$dh_p$explicit_char2$explicit_prime$named_curve: %s (%d)$point$psk_identity_hint$rsa_exponent$rsa_modulus
                                                                                                                                                                                                                                                  • API String ID: 3310571797-1380109711
                                                                                                                                                                                                                                                  • Opcode ID: 47121956bf6636675cfb9b2e70c2587bc754de3f6f9d9fe41b36e48461540114
                                                                                                                                                                                                                                                  • Instruction ID: cf5259a56c233e6fae1350417d0f95037d9d5750796d2329b231f7a52ee5bcff
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 47121956bf6636675cfb9b2e70c2587bc754de3f6f9d9fe41b36e48461540114
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4BA1B122F08696A5EA34CB95E4253EAB76AFB49780F444132DE9E33B84DF3CE515C300
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402396346.00007FFD938E0000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402421171.00007FFD93962000.00000020.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402499141.00007FFD93964000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402529671.00007FFD9398C000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402551633.00007FFD93991000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402551633.00007FFD93997000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402551633.00007FFD9399F000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd938e0000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: L_sk_pop_free$E_freeL_sk_newL_sk_pushR_newR_set_debugX509_
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\statem\statem_lib.c$parse_ca_names
                                                                                                                                                                                                                                                  • API String ID: 3454744561-1744826974
                                                                                                                                                                                                                                                  • Opcode ID: 034a734ff06d8d1b3df841fcb18ccceef9552ac6a6de163322302505e8d318e0
                                                                                                                                                                                                                                                  • Instruction ID: 0c0195acf46ad26ec21c9ad889df536ae4f6bae1e7966fcf342828b0966d47c9
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 034a734ff06d8d1b3df841fcb18ccceef9552ac6a6de163322302505e8d318e0
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C1517069F0D69275FB70ABE5D4253BA2359AF84780F544032DE8D636D3DE3CE5818B40
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402396346.00007FFD938E0000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402421171.00007FFD93962000.00000020.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402499141.00007FFD93964000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402529671.00007FFD9398C000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402551633.00007FFD93991000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402551633.00007FFD93997000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402551633.00007FFD9399F000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd938e0000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: R_newR_set_debug$X_freeX_new_from_name
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\s3_lib.c$ssl_generate_pkey_group
                                                                                                                                                                                                                                                  • API String ID: 3722767420-2496621805
                                                                                                                                                                                                                                                  • Opcode ID: 04cb3ac14babf414ab54659c1420eb3a9ddd0205a92f5e3455bd0f86b5a8a258
                                                                                                                                                                                                                                                  • Instruction ID: 2bff03b507a33a31178df1f9dee9788ead376653f8be8535968b52710315147d
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 04cb3ac14babf414ab54659c1420eb3a9ddd0205a92f5e3455bd0f86b5a8a258
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0741BE29B1E742A5E774E7E1E8717FA2319AF95780F400032ED4D63692DE3DE844C740
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402396346.00007FFD938E0000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402421171.00007FFD93962000.00000020.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402499141.00007FFD93964000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402529671.00007FFD9398C000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402551633.00007FFD93991000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402551633.00007FFD93997000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402551633.00007FFD9399F000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd938e0000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: R_newR_set_debug$O_ctrlO_freeO_newO_s_fileR_set_error
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\ssl_rsa.c$SSL_CTX_use_PrivateKey_file
                                                                                                                                                                                                                                                  • API String ID: 1899708915-2252211958
                                                                                                                                                                                                                                                  • Opcode ID: d94c28d24c7e937970c451ff150ad84ccb53ce58e2228629b3f1025ff047b185
                                                                                                                                                                                                                                                  • Instruction ID: 010fa5548d404a7ffdebfc6adea04b32dc8d8805c1c26e4d8f090fadd090db29
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d94c28d24c7e937970c451ff150ad84ccb53ce58e2228629b3f1025ff047b185
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C341716AB0DB42A1E770ABE5D8213FA6359AF88B80F544032ED4D377A6DE3CE5418741
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402396346.00007FFD938E0000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402421171.00007FFD93962000.00000020.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402499141.00007FFD93964000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402529671.00007FFD9398C000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402551633.00007FFD93991000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402551633.00007FFD93997000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402551633.00007FFD9399F000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd938e0000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: R_newR_set_debug
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\statem\extensions_srvr.c$tls_parse_ctos_key_share
                                                                                                                                                                                                                                                  • API String ID: 193678381-166674739
                                                                                                                                                                                                                                                  • Opcode ID: 0fe6995ea354464c5bc0c7b3a42a95ee06481d772f92f80e0ea7575255af8488
                                                                                                                                                                                                                                                  • Instruction ID: 3f048a76d4d1d455db3df83ef7c25e4c902725c9c13e76912bd61439c54afc3f
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0fe6995ea354464c5bc0c7b3a42a95ee06481d772f92f80e0ea7575255af8488
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C691A1A1F0869261F734ABA594243FA67E9EF80784F044132ED5F67ADACF3CE5818740
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd938e0000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: R_newR_set_debug$Y_free
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\statem\statem_srvr.c$tls_process_cke_dhe
                                                                                                                                                                                                                                                  • API String ID: 2633058761-3621362005
                                                                                                                                                                                                                                                  • Opcode ID: 8079ac5babdb914cc97b14bc09e57019c8c556e029d5a52e01bb6db19c09f5b8
                                                                                                                                                                                                                                                  • Instruction ID: 1aba32194d47deb964a7fbbddd0dc94e7d9661b8571434d4c34a7c6c35b2adb2
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8079ac5babdb914cc97b14bc09e57019c8c556e029d5a52e01bb6db19c09f5b8
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 48415E65B08752A5FB30ABE5E8613BA6359AF41B80F944031DE4E37BD2DF3CE9818740
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd938e0000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: R_new$i2d_$L_sk_numR_set_debugX509_$L_sk_value
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\statem\extensions_clnt.c$tls_construct_ctos_status_request
                                                                                                                                                                                                                                                  • API String ID: 3024451675-148121689
                                                                                                                                                                                                                                                  • Opcode ID: d1428318352c6b2745dea5dc192ae58ce7cf3d8c3326f8ea22e30f6ca020501a
                                                                                                                                                                                                                                                  • Instruction ID: f20326b3dc2c01662db82f1ef6b9e1937fd043e48f720a919924337e82eb9c94
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d1428318352c6b2745dea5dc192ae58ce7cf3d8c3326f8ea22e30f6ca020501a
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0D519E65B0C64362FB78A7E298B13F9139DAF85B84F444031DD0EA7AC6DE2DE9428700
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd938e0000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: strncmp$R_newR_set_debugR_set_error
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\ssl_ciph.c$ECDHE-ECDSA-AES128-GCM-SHA256$ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384$ECDHE-ECDSA-AES256-GCM-SHA384$SUITEB128$SUITEB128C2$SUITEB128ONLY$SUITEB192$check_suiteb_cipher_list
                                                                                                                                                                                                                                                  • API String ID: 1930259724-1099454403
                                                                                                                                                                                                                                                  • Opcode ID: cd731b4d236905a648258da8a9046f31ad121a3fa299a8f54cbee44a92dc2aeb
                                                                                                                                                                                                                                                  • Instruction ID: 4586fc4fd652de06683c2274b22265375a0efc01dd521dabd0ecd4ba8399e6b3
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: cd731b4d236905a648258da8a9046f31ad121a3fa299a8f54cbee44a92dc2aeb
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: AF41D376B18A07A6E7308BA5E86037933A8FB44B94F504435EA0DE3794DF3DE960CB40
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd938e0000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: R_newR_set_debug$O_ctrlO_freeO_newO_s_fileR_set_error
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\ssl_rsa.c$SSL_use_PrivateKey_file
                                                                                                                                                                                                                                                  • API String ID: 1899708915-420668618
                                                                                                                                                                                                                                                  • Opcode ID: 3edad9cc728273c24525c025f0738f74cea89c26228cab9ff6bde505d92d58fe
                                                                                                                                                                                                                                                  • Instruction ID: 836969cc71aa7a5739969b4c6b356efb246f4ca74a81053d260df8ee935a0655
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3edad9cc728273c24525c025f0738f74cea89c26228cab9ff6bde505d92d58fe
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 11417429F09B42A1F670EBD1D4613FA6399EF84780F504036EE8D27796DE3CE5818B81
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd938e0000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: R_newR_set_debug
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\statem\statem_clnt.c$set_client_ciphersuite
                                                                                                                                                                                                                                                  • API String ID: 193678381-554836899
Similarity
• API ID: R_newR_set_debug$O_ctrlO_freeX_new
• String ID: ..\s\ssl\s3_enc.c$ssl3_digest_cached_records
• API String ID: 1193811298-2469352020
Similarity
• API ID: O_next$O_free_allO_int_ctrlO_newO_s_socketO_up_refR_newR_set_debugR_set_error
• String ID: ..\s\ssl\ssl_lib.c$SSL_set_fd
• API String ID: 2935861444-3152457077
Similarity
• API ID: R_newR_set_debug
• String ID: ..\s\ssl\statem\extensions_clnt.c$No groups enabled for max supported SSL/TLS version$tls_construct_ctos_supported_groups
• API String ID: 193678381-1756869798
Similarity
• API ID: R_newR_set_debug
• String ID: ..\s\ssl\statem\statem_clnt.c$tls_prepare_client_certificate
• API String ID: 193678381-816577172
                                                                                                                                                                                                                                                  • Opcode ID: 0ac33749fb5b95e9910f669b4ed50a127f83b15fbbde37fca47158f81f1db84b
                                                                                                                                                                                                                                                  • Instruction ID: 9325d7f9ff2391b55a48f14473991cd7e287ec17f6f7c13b62409a2d190d5637
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0ac33749fb5b95e9910f669b4ed50a127f83b15fbbde37fca47158f81f1db84b
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 83718632B1865292EB749BD5E4643BD63A4EF84B84F541032DE4D6B7DADF3DD8818B00
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd938e0000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: R_newR_set_debug$X509_get0_pubkey
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\statem\statem_clnt.c$tls_process_ske_ecdhe
                                                                                                                                                                                                                                                  • API String ID: 2988517565-1997102834
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd938e0000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: R_newR_set_debug$L_sk_numP_resp_countT_free$E_freeL_sk_valueP_freeP_get1_ext_d2iP_resp_get0P_response_get1_basicX_freeX_new_exd2i_
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\ssl_lib.c$ssl_validate_ct
                                                                                                                                                                                                                                                  • API String ID: 2834088071-2167807083
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd938e0000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: R_newR_set_debug
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\statem\extensions_clnt.c$tls_parse_stoc_use_srtp
                                                                                                                                                                                                                                                  • API String ID: 193678381-2011129389
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd938e0000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: R_newR_set_debug$N_ucmp$N_is_zeroN_num_bits
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\tls_srp.c$srp_verify_server_param
                                                                                                                                                                                                                                                  • API String ID: 3341325393-16616462
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd938e0000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: D_get0_nameL_cleanseM_construct_endM_construct_utf8_stringQ_macR_newR_set_debug
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\tls13_enc.c$HMAC$finished$properties$tls13_final_finish_mac
                                                                                                                                                                                                                                                  • API String ID: 3095186593-1708336846
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
• Associated: 00000002.00000002.3402396346.00007FFD938E0000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000002.00000002.3402421171.00007FFD93962000.00000020.00000001.01000000.00000012.sdmp
• Associated: 00000002.00000002.3402499141.00007FFD93964000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000002.00000002.3402529671.00007FFD9398C000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000002.00000002.3402551633.00007FFD93991000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000002.00000002.3402551633.00007FFD93997000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000002.00000002.3402551633.00007FFD9399F000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd938e0000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: R_new$D_get_sizeDigestFinal_exR_set_debugX_copy_exX_freeX_get0_mdX_new
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\ssl_lib.c$ssl_handshake_hash
                                                                                                                                                                                                                                                  • API String ID: 474506514-3232504857
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd938e0000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: R_newR_set_debugR_set_error$Y_new
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\ssl_rsa_legacy.c$SSL_CTX_use_RSAPrivateKey
                                                                                                                                                                                                                                                  • API String ID: 2166683265-3135413908
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd938e0000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: R_new$R_set_debug
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\statem\extensions.c$final_key_share
                                                                                                                                                                                                                                                  • API String ID: 476316267-2690623152
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd938e0000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: R_newR_set_debug$R_set_errorX509_get0_pubkey
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\statem\statem_clnt.c$ssl3_check_cert_and_algorithm
                                                                                                                                                                                                                                                  • API String ID: 1177010120-269904252
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd938e0000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: O_ctrl$O_freeO_newO_s_fileR_clear_last_markR_pop_to_markR_set_markX_freeY_free
                                                                                                                                                                                                                                                  • String ID: PEM
                                                                                                                                                                                                                                                  • API String ID: 753178889-379482575
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402396346.00007FFD938E0000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402421171.00007FFD93962000.00000020.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402499141.00007FFD93964000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402529671.00007FFD9398C000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402551633.00007FFD93991000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402551633.00007FFD93997000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402551633.00007FFD9399F000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd938e0000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: R_newR_set_debug
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\statem\statem_clnt.c$tls_process_initial_server_flight$tls_process_server_done
                                                                                                                                                                                                                                                  • API String ID: 193678381-2920457334
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd938e0000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: O_ctrlO_free_allO_method_typeO_newO_nextO_up_refR_newR_set_debugR_set_error
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\ssl_lib.c$SSL_set_rfd
                                                                                                                                                                                                                                                  • API String ID: 1876162228-2433761532
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd938e0000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: R_newR_set_debugR_set_error$X509_freeX509_new_ex
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\ssl_rsa.c$SSL_CTX_use_certificate_ASN1
                                                                                                                                                                                                                                                  • API String ID: 756758628-2599344068
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd938e0000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: L_sk_valueX509_get0_pubkeyX509_get_extension_flagsX509_get_signature_infoY_get_security_bits
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 3095628011-0
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • OPENSSL_sk_dup.LIBCRYPTO-3(?,?,00000000,00007FFD938F5694), ref: 00007FFD938F90AB
                                                                                                                                                                                                                                                  • OPENSSL_sk_num.LIBCRYPTO-3(?,?,00000000,00007FFD938F5694), ref: 00007FFD938F90C4
                                                                                                                                                                                                                                                  • OPENSSL_sk_value.LIBCRYPTO-3(?,?,00000000,00007FFD938F5694), ref: 00007FFD938F90D5
                                                                                                                                                                                                                                                  • OPENSSL_sk_num.LIBCRYPTO-3(?,?,00000000,00007FFD938F5694), ref: 00007FFD938F90F0
                                                                                                                                                                                                                                                  • OPENSSL_sk_num.LIBCRYPTO-3(?,?,00000000,00007FFD938F5694), ref: 00007FFD938F90FC
                                                                                                                                                                                                                                                  • OPENSSL_sk_value.LIBCRYPTO-3(?,?,00000000,00007FFD938F5694), ref: 00007FFD938F9119
                                                                                                                                                                                                                                                  • OPENSSL_sk_unshift.LIBCRYPTO-3(?,?,00000000,00007FFD938F5694), ref: 00007FFD938F913F
                                                                                                                                                                                                                                                  • OPENSSL_sk_dup.LIBCRYPTO-3(?,?,00000000,00007FFD938F5694), ref: 00007FFD938F9151
                                                                                                                                                                                                                                                  • OPENSSL_sk_free.LIBCRYPTO-3(?,?,00000000,00007FFD938F5694), ref: 00007FFD938F9161
                                                                                                                                                                                                                                                  • OPENSSL_sk_free.LIBCRYPTO-3(?,?,00000000,00007FFD938F5694), ref: 00007FFD938F916D
                                                                                                                                                                                                                                                  • OPENSSL_sk_set_cmp_func.LIBCRYPTO-3(?,?,00000000,00007FFD938F5694), ref: 00007FFD938F917F
                                                                                                                                                                                                                                                  • OPENSSL_sk_free.LIBCRYPTO-3(?,?,00000000,00007FFD938F5694), ref: 00007FFD938F918F
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402396346.00007FFD938E0000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402421171.00007FFD93962000.00000020.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402499141.00007FFD93964000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402529671.00007FFD9398C000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402551633.00007FFD93991000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402551633.00007FFD93997000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402551633.00007FFD9399F000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd938e0000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: L_sk_freeL_sk_num$L_sk_dupL_sk_value$L_sk_set_cmp_funcL_sk_unshift
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 621534355-0
                                                                                                                                                                                                                                                  • Opcode ID: 178bee6722321e65cfedf7eb940de1229f7e8b50f333a6977fd5bd260898bda3
                                                                                                                                                                                                                                                  • Instruction ID: 28086eaa5067080dc930ac0ea8f5ff427855721051051090358aabf6f925c10d
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 178bee6722321e65cfedf7eb940de1229f7e8b50f333a6977fd5bd260898bda3
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3E31C325B0870295EA34EFE6A8752796769AFC9B80F044034EE4E57396DE3DE8918B00
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • BIO_indent.LIBCRYPTO-3(?,?,?,?,?,?,?,?,?,?,?,?,00007FFD9391AF9E), ref: 00007FFD9391D56A
                                                                                                                                                                                                                                                  • BIO_printf.LIBCRYPTO-3(?,?,?,?,?,?,?,?,?,?,?,?,00007FFD9391AF9E), ref: 00007FFD9391D5AE
                                                                                                                                                                                                                                                  • BIO_indent.LIBCRYPTO-3(?,?,?,?,?,?,?,?,?,?,?,?,00007FFD9391AF9E), ref: 00007FFD9391D605
                                                                                                                                                                                                                                                  • BIO_printf.LIBCRYPTO-3(?,?,?,?,?,?,?,?,?,?,?,?,00007FFD9391AF9E), ref: 00007FFD9391D65E
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402396346.00007FFD938E0000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402421171.00007FFD93962000.00000020.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402499141.00007FFD93964000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402529671.00007FFD9398C000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402551633.00007FFD93991000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402551633.00007FFD93997000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402551633.00007FFD9399F000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd938e0000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: O_indentO_printf
                                                                                                                                                                                                                                                  • String ID: %s, Length=%d$UNKNOWN$Unsupported, hex dump follows:$message_seq=%d, fragment_offset=%d, fragment_length=%d
                                                                                                                                                                                                                                                  • API String ID: 1860387303-4198474627
                                                                                                                                                                                                                                                  • Opcode ID: 91d8314591db20df800a7da1d8fd2c5e320f8efe3173f04a01c1687770077c5c
                                                                                                                                                                                                                                                  • Instruction ID: 230692b4d1cf838d7806bae704198524d613ab63f58d49ea5b943a9b32392746
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 91d8314591db20df800a7da1d8fd2c5e320f8efe3173f04a01c1687770077c5c
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8E5124627082E156E734DB99A824B7E3B99EB857D4F008131EEAD63BD5CE3CD541CB00
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • BIO_indent.LIBCRYPTO-3(?,?,?,?,?,00007FFD9391D420,?,?,?,?,?,?,00007FFD9391B5F8), ref: 00007FFD9391C826
                                                                                                                                                                                                                                                  • BIO_printf.LIBCRYPTO-3(?,?,?,?,?,00007FFD9391D420,?,?,?,?,?,?,00007FFD9391B5F8), ref: 00007FFD9391C87A
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402396346.00007FFD938E0000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402421171.00007FFD93962000.00000020.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402499141.00007FFD93964000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402529671.00007FFD9398C000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402551633.00007FFD93991000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402551633.00007FFD93997000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402551633.00007FFD9399F000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd938e0000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: O_indentO_printf
                                                                                                                                                                                                                                                  • String ID: <EMPTY>$UNKNOWN$client_verify_data$extension_type=%s(%d), length=%d$server_verify_data
                                                                                                                                                                                                                                                  • API String ID: 1860387303-127224826
                                                                                                                                                                                                                                                  • Opcode ID: 5862d4356951e052ad7eaed82b16746939e3355140c451577a94c6f812020e4a
                                                                                                                                                                                                                                                  • Instruction ID: 718b2ae8caeef0b61f123ec9001fe82b9ece6545db7a288e54706ae3bc97644a
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5862d4356951e052ad7eaed82b16746939e3355140c451577a94c6f812020e4a
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F941B236B0C692A9E6348BC5E4607BA6769FB89B80F444031DE4E33B95DF3CE542CB40
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402396346.00007FFD938E0000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402421171.00007FFD93962000.00000020.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402499141.00007FFD93964000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402529671.00007FFD9398C000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402551633.00007FFD93991000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402551633.00007FFD93997000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402551633.00007FFD9399F000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd938e0000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: R_newR_set_debug
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\statem\statem_lib.c$tls_process_change_cipher_spec
                                                                                                                                                                                                                                                  • API String ID: 193678381-3810074443
                                                                                                                                                                                                                                                  • Opcode ID: 522da9b3beb261c0b84c81c1e5b9289c1f6ee77c1ef101be81f09331d13848a9
                                                                                                                                                                                                                                                  • Instruction ID: 3902a1d74b6bcd3848a7b1c6bb2ec80c02262ca2d9f90f42b8ea000adf10b155
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 522da9b3beb261c0b84c81c1e5b9289c1f6ee77c1ef101be81f09331d13848a9
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C0418C66F08282A2FBB4EBE1D8657F92398AF84748F444432DD0D636D2DF6CA9C5C700
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402396346.00007FFD938E0000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402421171.00007FFD93962000.00000020.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402499141.00007FFD93964000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402529671.00007FFD9398C000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402551633.00007FFD93991000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402551633.00007FFD93997000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402551633.00007FFD9399F000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd938e0000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: O_puts$O_indent
                                                                                                                                                                                                                                                  • String ID: No extensions$extensions, extype = %d, extlen = %d$extensions, length = %d
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: O_puts$O_printf
                                                                                                                                                                                                                                                  • String ID: Master-Key:$%02X$RSA $Session-ID:
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: L_sk_numL_sk_pop_free$L_sk_new_reserveL_sk_valueR_newR_set_debugR_set_errorX509_free
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\ssl_lib.c$ssl_dane_dup
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: L_sk_new_nullL_sk_popL_sk_pushR_newR_set_debugR_set_errorT_free
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\ssl_lib.c$ct_move_scts
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: O_ctrl$X_get0_cipher$D_get_sizeR_get_flagsR_get_modeX_get0_mdX_get_block_size
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: O_freeO_new
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 4227620691-0
                                                                                                                                                                                                                                                  • Opcode ID: 9af4bb0d0e66f5df0d633afe5796e4b84df038deb506c1da50831db546e3dd56
                                                                                                                                                                                                                                                  • Instruction ID: cef8943a697681f118f50f6a195790316e941cfc78204d39e15f694f2ba67192
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9af4bb0d0e66f5df0d633afe5796e4b84df038deb506c1da50831db546e3dd56
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: BD217C44B1E75294FA78B7E2597127A13986F85BC4F440034EE0E77B86EE2EE4414B00
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
• Associated: 00000002.00000002.3402396346.00007FFD938E0000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000002.00000002.3402421171.00007FFD93962000.00000020.00000001.01000000.00000012.sdmp
• Associated: 00000002.00000002.3402499141.00007FFD93964000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000002.00000002.3402529671.00007FFD9398C000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000002.00000002.3402551633.00007FFD93991000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000002.00000002.3402551633.00007FFD93997000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000002.00000002.3402551633.00007FFD9399F000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd938e0000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Digest$Final_exInit_ex$UpdateX_freeX_new
                                                                                                                                                                                                                                                  • String ID: exporter
                                                                                                                                                                                                                                                  • API String ID: 3991325671-111224270
                                                                                                                                                                                                                                                  • Opcode ID: 8658a91171fae5a8d5ed054dd2db533ec410306234abf4b43626a48e8451353a
                                                                                                                                                                                                                                                  • Instruction ID: 1c21c36b45728708b4e419d4b5ab433fcf1ea464712229b932d1d21c380aae47
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8658a91171fae5a8d5ed054dd2db533ec410306234abf4b43626a48e8451353a
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8241623670878655EA35DF96E8607EAA3A8EF8A7C0F440132ED8D67B55DF3CE0418B00
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: R_newmemcpy$R_set_debug
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\statem\statem_lib.c$CLIENT_RANDOM$tls_construct_finished
                                                                                                                                                                                                                                                  • API String ID: 3909032045-3711601257
                                                                                                                                                                                                                                                  • Opcode ID: 60426255eba6112f76f80d07a8eade3406939433570aeb2bfc7c873cad3bf0fd
                                                                                                                                                                                                                                                  • Instruction ID: 8acfa297bd5dc4a89591678f2c106d541b3e830a813e1c4f2bae6de326f78381
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 60426255eba6112f76f80d07a8eade3406939433570aeb2bfc7c873cad3bf0fd
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0C517336B0875392E770DFA5D4687E923A8EB45B88F041036DE4E67796EF39D981C300
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: R_newR_set_debug
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\statem\statem_clnt.c$tls_construct_client_certificate
                                                                                                                                                                                                                                                  • API String ID: 193678381-1244782752
                                                                                                                                                                                                                                                  • Opcode ID: 47e3d7a25f3da6ff5af681691d33c7ba41185fd2372be43874d5b8a1d311f6c2
                                                                                                                                                                                                                                                  • Instruction ID: f4dc72573758ce5910419052893349b1c55e55df84a6e38f2d645aad2e598ae9
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 47e3d7a25f3da6ff5af681691d33c7ba41185fd2372be43874d5b8a1d311f6c2
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B6418165B1828292E7B4EBE5E978BFA2398EF45B84F444032DD4D676D6DF2CE4818700
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: R_newR_set_debug
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\statem\extensions_clnt.c$tls_parse_stoc_psk
                                                                                                                                                                                                                                                  • API String ID: 193678381-1931443905
                                                                                                                                                                                                                                                  • Opcode ID: 4e5b55db31039d31d9750c5e52b3d1bdf07f441a2022e32ca7753edf101a8f01
                                                                                                                                                                                                                                                  • Instruction ID: 5f5b5b2026a129792730e925bc3507bdbbc8af3223df1da4aff4573dea4697e0
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4e5b55db31039d31d9750c5e52b3d1bdf07f441a2022e32ca7753edf101a8f01
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8C419462F08A8695F764DFA4D4613FA33A8EB98B48F584131DE4D5B296DF3CE5C18B00
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: R_newR_set_debug$ErrorLastO_write
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\record\rec_layer_s3.c$ssl3_write_pending
                                                                                                                                                                                                                                                  • API String ID: 433171503-1219543453
                                                                                                                                                                                                                                                  • Opcode ID: bf9cdb09f0e300db7620d2724ffb2bedf2de1bc094931e3f46119badfe91375f
                                                                                                                                                                                                                                                  • Instruction ID: 07430c0b1b3e6d9cc23456d67f06272c49e2dff18b110abcb04402ed919b3571
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: bf9cdb09f0e300db7620d2724ffb2bedf2de1bc094931e3f46119badfe91375f
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1041AE32B0DB42A6EB74DBA9D4647A933A8FB44B84F544136DA0D23B95DF3DE851C300
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd938e0000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: O_ctrlR_newR_set_debugmemcpy
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\statem\statem_lib.c$TLS 1.3, client CertificateVerify$TLS 1.3, server CertificateVerify$get_cert_verify_tbs_data
                                                                                                                                                                                                                                                  • API String ID: 152836652-3760622993
                                                                                                                                                                                                                                                  • Opcode ID: 05f68823373f23e9663de47f1c69a2da06f222f5d74598419237d48ab8bc82a0
                                                                                                                                                                                                                                                  • Instruction ID: deef9eda52deb6ed3b6be2ce299c153d0a170946792369bc9cff6580f0593d62
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 05f68823373f23e9663de47f1c69a2da06f222f5d74598419237d48ab8bc82a0
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9241F566B08792A6E770CF94D4643BC77A4FB95B88F408132DA8DA3696DF3CE590C700
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd938e0000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: R_newR_set_debug
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\statem\extensions_clnt.c$tls_construct_ctos_supported_versions
                                                                                                                                                                                                                                                  • API String ID: 193678381-3987601604
                                                                                                                                                                                                                                                  • Opcode ID: 7d9f7386757de1acade9f54d333396f3bafaae9891502917c6c8fb9a60050746
                                                                                                                                                                                                                                                  • Instruction ID: 64936adba52460ff1000081e63ee00d2bd3af01307459ae1e93e3ee6936a651a
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7d9f7386757de1acade9f54d333396f3bafaae9891502917c6c8fb9a60050746
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A931A0A1B0C24261FB74A7D1E6653BB5399AF807C4F550031EE4D6BADADF2DE9428B00
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd938e0000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: R_newR_set_debugR_set_error
                                                                                                                                                                                                                                                  • String ID: ($..\s\ssl\ssl_lib.c$ssl_start_async_job
                                                                                                                                                                                                                                                  • API String ID: 1552677711-1319532896
                                                                                                                                                                                                                                                  • Opcode ID: 4531f297435977068fc41978c83a305b3a19b3c147982f5094811f45cda28054
                                                                                                                                                                                                                                                  • Instruction ID: d82473cc29caafb1a3542b1beb5f5a59e863370918b04651210174f60a4f24fc
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4531f297435977068fc41978c83a305b3a19b3c147982f5094811f45cda28054
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 56315E7AB0D642A1E7309FE4E4643EA7368EB44798F640131EA4C676D6DF7CD984CB40
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd938e0000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: R_newR_set_debug
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\statem\statem_srvr.c$tls_process_end_of_early_data
                                                                                                                                                                                                                                                  • API String ID: 193678381-3379596787
                                                                                                                                                                                                                                                  • Opcode ID: 5b1ef5d411f48c5a7d8d6e1d3c280f35ddc56ed48339d34cdb799238054dfff6
                                                                                                                                                                                                                                                  • Instruction ID: a2bbe5b50c44d9119805ce7215265b0fd22cfaaad472d132ab25c97a5c245f7c
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5b1ef5d411f48c5a7d8d6e1d3c280f35ddc56ed48339d34cdb799238054dfff6
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 55219F65F18242A6F774EBF0D8267F92388AF80740F584031C90EA76C2DF6DA9C5CB40
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd938e0000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: R_newR_set_debug
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\statem\statem_lib.c$tls_process_key_update
                                                                                                                                                                                                                                                  • API String ID: 193678381-597347991
                                                                                                                                                                                                                                                  • Opcode ID: 29c723160eaeccd918e91a572f20d26d1d019dcd008e3f0eb2bd94873a2d9714
                                                                                                                                                                                                                                                  • Instruction ID: 2b2903cc184175136fc13d72ac3a7ac64d401ff98a9a719c0ea1a6a93fe9b1fb
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 29c723160eaeccd918e91a572f20d26d1d019dcd008e3f0eb2bd94873a2d9714
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4421AB65F0874371FB74ABE2E9607BA2359AF84384F544032DE0E236D2DF2DE9908B40
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: R_newR_set_debug
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\statem\extensions_clnt.c$tls_parse_stoc_session_ticket
                                                                                                                                                                                                                                                  • API String ID: 193678381-795302288
                                                                                                                                                                                                                                                  • Opcode ID: 7569506422c07eb92df6d3688399514f61789aef830400ca2956908e2d640d88
                                                                                                                                                                                                                                                  • Instruction ID: 5ed46933611294e0a318eb9d2b5ac62b44a1e39082cf4e7e2be69d7d78cab503
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7569506422c07eb92df6d3688399514f61789aef830400ca2956908e2d640d88
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3621E261F0CA4261F778A7E5E8653EA1398EF84780F944031ED0E67BD6DE2CE4808700
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: L_sk_num$L_sk_value
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\ssl_lib.c$SSL_set_cipher_list
                                                                                                                                                                                                                                                  • API String ID: 1603723057-1252523853
                                                                                                                                                                                                                                                  • Opcode ID: 0cdc888642a4c7ec4b4db4ee68f31cf0bed92deb90d71d28f91530e20ff43650
                                                                                                                                                                                                                                                  • Instruction ID: aa507b1788bc5483d328c2023cb9cb0ad6e9b7ac81ee753b7a84356e9a277470
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0cdc888642a4c7ec4b4db4ee68f31cf0bed92deb90d71d28f91530e20ff43650
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3421C826B1974192E760AB99E4A03FA63A8FF84784F540035DF4C67792DF3DD5428B00
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: L_sk_num$L_sk_value
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\ssl_lib.c$SSL_CTX_set_cipher_list
                                                                                                                                                                                                                                                  • API String ID: 1603723057-1814062246
                                                                                                                                                                                                                                                  • Opcode ID: 3d304f5563a97701548db3dfe9b26dbf5cd5e5ff3eb041c5f35f6c751ca3617e
                                                                                                                                                                                                                                                  • Instruction ID: 0acf7a7183fb2f71b49402fb8c2f1862c18337942eeddab270c6aa465d95c1f3
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3d304f5563a97701548db3dfe9b26dbf5cd5e5ff3eb041c5f35f6c751ca3617e
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D421C926B1875193E760ABA9E4603F963A8EF94788F540031EF4C537E6DF3DD9468B40
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: O_ctrlO_freeO_newR_newR_set_debugX_free
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\s3_enc.c$ssl3_init_finished_mac
                                                                                                                                                                                                                                                  • API String ID: 1341981153-3994752933
                                                                                                                                                                                                                                                  • Opcode ID: a55c4d5e2d92631bf5f834d8452a45869b6b17d71c184bb8b097b1ae6fe7c17b
                                                                                                                                                                                                                                                  • Instruction ID: f32fa52b942135b23e8a77402abe1862630ff2829a065620b136c5a0dd6ffdc0
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a55c4d5e2d92631bf5f834d8452a45869b6b17d71c184bb8b097b1ae6fe7c17b
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4B118236B0874261E7B4FBE1F5617E92354EB84784F444030DE0D1BB96DE3CE5808700
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • ERR_new.LIBCRYPTO-3(?,?,?,?,?,?,?,?,?,?,?,00007FFD93902D97), ref: 00007FFD939051CE
                                                                                                                                                                                                                                                  • ERR_set_debug.LIBCRYPTO-3(?,?,?,?,?,?,?,?,?,?,?,00007FFD93902D97), ref: 00007FFD939051E6
                                                                                                                                                                                                                                                  • ERR_set_error.LIBCRYPTO-3(?,?,?,?,?,?,?,?,?,?,?,00007FFD93902D97), ref: 00007FFD939051F7
                                                                                                                                                                                                                                                  • ERR_new.LIBCRYPTO-3(?,?,?,?,?,?,?,?,?,?,?,00007FFD93902D97), ref: 00007FFD93905210
                                                                                                                                                                                                                                                  • ERR_set_debug.LIBCRYPTO-3(?,?,?,?,?,?,?,?,?,?,?,00007FFD93902D97), ref: 00007FFD93905228
                                                                                                                                                                                                                                                  • ERR_set_error.LIBCRYPTO-3(?,?,?,?,?,?,?,?,?,?,?,00007FFD93902D97), ref: 00007FFD93905239
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
• Associated: 00000002.00000002.3402396346.00007FFD938E0000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000002.00000002.3402421171.00007FFD93962000.00000020.00000001.01000000.00000012.sdmp
• Associated: 00000002.00000002.3402499141.00007FFD93964000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000002.00000002.3402529671.00007FFD9398C000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000002.00000002.3402551633.00007FFD93991000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000002.00000002.3402551633.00007FFD93997000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000002.00000002.3402551633.00007FFD9399F000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd938e0000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: R_newR_set_debugR_set_error
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\ssl_lib.c$can_renegotiate
                                                                                                                                                                                                                                                  • API String ID: 1552677711-3796731956
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd938e0000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: R_newR_set_debugR_set_error
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\ssl_lib.c$SSL_CTX_check_private_key
                                                                                                                                                                                                                                                  • API String ID: 1552677711-2096838628
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • X509_get_subject_name.LIBCRYPTO-3(?,?,00000001,00007FFD938F1FDE), ref: 00007FFD938F277C
                                                                                                                                                                                                                                                  • X509_NAME_dup.LIBCRYPTO-3(?,?,00000001,00007FFD938F1FDE), ref: 00007FFD938F2789
                                                                                                                                                                                                                                                  • X509_NAME_free.LIBCRYPTO-3(?,?,00000001,00007FFD938F1FDE), ref: 00007FFD938F27A8
                                                                                                                                                                                                                                                  • OPENSSL_sk_push.LIBCRYPTO-3(?,?,00000001,00007FFD938F1FDE), ref: 00007FFD938F27B5
                                                                                                                                                                                                                                                  • OSSL_STORE_INFO_free.LIBCRYPTO-3(?,?,00000001,00007FFD938F1FDE), ref: 00007FFD938F27C1
                                                                                                                                                                                                                                                  • OSSL_STORE_eof.LIBCRYPTO-3(?,?,00000001,00007FFD938F1FDE), ref: 00007FFD938F27C9
                                                                                                                                                                                                                                                  • ERR_clear_error.LIBCRYPTO-3(?,?,00000001,00007FFD938F1FDE), ref: 00007FFD938F27D6
                                                                                                                                                                                                                                                  • X509_NAME_free.LIBCRYPTO-3(?,?,00000001,00007FFD938F1FDE), ref: 00007FFD938F27E0
                                                                                                                                                                                                                                                  • OSSL_STORE_close.LIBCRYPTO-3(?,?,00000001,00007FFD938F1FDE), ref: 00007FFD938F27EB
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd938e0000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: X509_$E_free$E_closeE_dupE_eofL_sk_pushO_freeR_clear_errorX509_get_subject_name
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1726013196-0
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd938e0000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: P_resp_countT_free$E_freeL_sk_new_nullP_freeP_get1_ext_d2iP_resp_get0P_response_get1_basicR_newR_set_debugR_set_errord2i_
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2730705051-0
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd938e0000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: R_newR_set_debug$L_sk_num
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\statem\extensions.c$tls_construct_certificate_authorities
                                                                                                                                                                                                                                                  • API String ID: 2899912155-903051733
Similarity
• API ID: R_newR_set_debugX509i2d_
• String ID: ..\s\ssl\statem\statem_lib.c$ssl_add_cert_to_wpacket
• API String ID: 3356145284-2373850725
Similarity
• API ID: R_newR_set_debug
• String ID: ..\s\ssl\statem\statem_srvr.c$ossl_statem_server_post_process_message$tls_post_process_client_key_exchange
• API String ID: 193678381-715354105
Similarity
• API ID: R_new$R_set_debug
• String ID: ..\s\ssl\statem\extensions_srvr.c$tls_parse_ctos_maxfragmentlen
• API String ID: 476316267-2768509386
Similarity
• API ID: R_newR_set_debug
• String ID: ..\s\ssl\statem\statem_srvr.c$p$ssl_check_srp_ext_ClientHello
• API String ID: 193678381-2953162070
                                                                                                                                                                                                                                                  • Opcode ID: a724ffa4adbff50ed23554cac04d888e0867ab1b44ce4ea7118337f94584a7b0
                                                                                                                                                                                                                                                  • Instruction ID: 29ffc07b0ec709ce91070b65c70ce8229404f2d694f477bc9b305ac0ac7cc5f7
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a724ffa4adbff50ed23554cac04d888e0867ab1b44ce4ea7118337f94584a7b0
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2B21D562F1924292F770A7E4E4657B92344EF84714F940131ED0EAA6D2EF2CE8C1CB00
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
• Associated: 00000002.00000002.3402396346.00007FFD938E0000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000002.00000002.3402421171.00007FFD93962000.00000020.00000001.01000000.00000012.sdmp
• Associated: 00000002.00000002.3402499141.00007FFD93964000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000002.00000002.3402529671.00007FFD9398C000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000002.00000002.3402551633.00007FFD93991000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000002.00000002.3402551633.00007FFD93997000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000002.00000002.3402551633.00007FFD9399F000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd938e0000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: R_new$R_set_debug
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\statem\extensions_clnt.c$tls_parse_stoc_maxfragmentlen
                                                                                                                                                                                                                                                  • API String ID: 476316267-2494698823
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: R_newR_set_debugR_set_error
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\ssl_lib.c$SSL_shutdown
                                                                                                                                                                                                                                                  • API String ID: 1552677711-3410285451
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: L_sk_pop_free$E_freeL_sk_newL_sk_pushR_newR_set_debugX509_
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\statem\statem_lib.c$parse_ca_names
                                                                                                                                                                                                                                                  • API String ID: 3454744561-1744826974
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: L_sk_numL_sk_valueR_newR_set_debugR_set_error
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\ssl_lib.c$ct_strict
                                                                                                                                                                                                                                                  • API String ID: 2392307641-4060112342
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: R_newR_set_debug$X_copy_ex
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\statem\statem_lib.c$tls13_restore_handshake_digest_for_pha
                                                                                                                                                                                                                                                  • API String ID: 3813578642-2862071989
                                                                                                                                                                                                                                                  • Opcode ID: cc85d45ec69b2fe8d2e568d824f8db917588606204a57535e552233c511a2a3d
                                                                                                                                                                                                                                                  • Instruction ID: 743a32252eca60cd9ab0ffd3e5915d43004aee23ec1e8788a3a40d3a21d90b6c
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: cc85d45ec69b2fe8d2e568d824f8db917588606204a57535e552233c511a2a3d
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 36015EA9F19242A2FBB4E7E1D875BF91358AF94380F844031DD0D676D2EE2DA9918B00
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
• Associated: 00000002.00000002.3402396346.00007FFD938E0000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000002.00000002.3402421171.00007FFD93962000.00000020.00000001.01000000.00000012.sdmp
• Associated: 00000002.00000002.3402499141.00007FFD93964000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000002.00000002.3402529671.00007FFD9398C000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000002.00000002.3402551633.00007FFD93991000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000002.00000002.3402551633.00007FFD93997000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000002.00000002.3402551633.00007FFD9399F000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd938e0000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Key_exPrivateR_newR_set_debugR_set_errorY_freed2i_
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\ssl_rsa.c$SSL_use_PrivateKey_ASN1
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: R_newR_set_debugR_set_errorY_freeY_get_security_bits
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\ssl_lib.c$SSL_CTX_set0_tmp_dh_pkey
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: R_newR_set_debugR_set_errorY_freeY_get_security_bits
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\ssl_lib.c$SSL_set0_tmp_dh_pkey
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: O_clear_flagsO_get_dataO_set_flagsO_set_retry_reason
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: L_sk_num$L_sk_findL_sk_valueL_strnlenmemcpy
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd938e0000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: L_sk_num$E_dupL_sk_new_nullL_sk_valueX509_
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 3273602126-0
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd938e0000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: O_free$O_new$O_s_connect
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 3895418919-0
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd938e0000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: O_ctrlX_get0_cipher$D_get_sizeR_get_flagsR_get_modeR_newR_set_debugX_get0_mdX_get_block_sizememcpy
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\statem\statem_dtls.c$dtls1_retransmit_message
                                                                                                                                                                                                                                                  • API String ID: 4032328484-3409696843
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd938e0000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: O_clear_flagsO_set_flags
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\statem\statem_clnt.c$ossl_statem_client_read_transition
                                                                                                                                                                                                                                                  • API String ID: 3946675294-211585089
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd938e0000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: R_newR_set_debug
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\statem\extensions_clnt.c$tls_parse_stoc_status_request
                                                                                                                                                                                                                                                  • API String ID: 193678381-3840607856
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
• Associated: 00000002.00000002.3402396346.00007FFD938E0000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000002.00000002.3402421171.00007FFD93962000.00000020.00000001.01000000.00000012.sdmp
• Associated: 00000002.00000002.3402499141.00007FFD93964000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000002.00000002.3402529671.00007FFD9398C000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000002.00000002.3402551633.00007FFD93991000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000002.00000002.3402551633.00007FFD93997000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000002.00000002.3402551633.00007FFD9399F000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd938e0000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: O_indentO_printf
                                                                                                                                                                                                                                                  • String ID: %s=0x%x (%s)$UNKNOWN$cookie$server_version
                                                                                                                                                                                                                                                  • API String ID: 1860387303-3219550004
                                                                                                                                                                                                                                                  • Opcode ID: 64ca8e15f2fd70a2bc7e9583ff755a23efd2fa34a0515b12eecb7d8ed4e3806f
                                                                                                                                                                                                                                                  • Instruction ID: f32a89f7552d462fdb4b99dc296a23144142b830aea97e28d81a75a1b822939b
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 64ca8e15f2fd70a2bc7e9583ff755a23efd2fa34a0515b12eecb7d8ed4e3806f
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9C21B822B0DB9195E7308BD5E4652ADB7A9FB48780F444132EA8E33B95DF7CD512C700
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd938e0000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: R_newR_set_debug
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\statem\statem_srvr.c$tls_process_end_of_early_data
                                                                                                                                                                                                                                                  • API String ID: 193678381-3379596787
                                                                                                                                                                                                                                                  • Opcode ID: beaa9cb0c1abfa1e1bc0eb669672cbfd1bed8cd5fffdc03fa174592bbe2adcfe
                                                                                                                                                                                                                                                  • Instruction ID: f88110f285a04416fe8c1d6cb088ed0f181dc2703e57582d8d34c9016741af0c
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: beaa9cb0c1abfa1e1bc0eb669672cbfd1bed8cd5fffdc03fa174592bbe2adcfe
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3F119336B1824196E760EBE9E9217FD6355EFC0744F480032DE0E97296DEADD480C700
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd938e0000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: R_newR_set_debug
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\statem\extensions_srvr.c$tls_parse_ctos_early_data
                                                                                                                                                                                                                                                  • API String ID: 193678381-408386505
                                                                                                                                                                                                                                                  • Opcode ID: 0cf50f3f80cca980f84d80de7a713fbca74cd6b952973251a9bf5ba5733eb537
                                                                                                                                                                                                                                                  • Instruction ID: cf6a62cd6b3101921b7c0b063519926a036da92701c15ac4296bc0b08bbac49d
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0cf50f3f80cca980f84d80de7a713fbca74cd6b952973251a9bf5ba5733eb537
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 35016295F08242A2F774A7E0D8793F6139C9F44314F944031D90E666D2DF2CA9D2CA00
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd938e0000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: R_newR_set_debugR_set_errorY_get0_group
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\tls_depr.c$ssl_set_tmp_ecdh_groups
                                                                                                                                                                                                                                                  • API String ID: 2690379533-3926364423
                                                                                                                                                                                                                                                  • Opcode ID: 68489a538686b752c9f2948f9d1530e8915f1fc4dfe4fbf8939f8a3c3b18f5ad
                                                                                                                                                                                                                                                  • Instruction ID: 08466630d0264e5b8359dbe02db6e36597632696c9fd81f6f49580715e000dd3
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 68489a538686b752c9f2948f9d1530e8915f1fc4dfe4fbf8939f8a3c3b18f5ad
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B2F0E255B1824272E7A0E7E1E8213FA23599F58380F900031E80C63BD3EE2CD5804B01
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd938e0000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: X509_get0_pubkeyY_get_security_bits$X509_get_extension_flagsX509_get_signature_info
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 3836818763-0
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: O_next$O_free_all$O_up_ref
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1216991848-0
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: X_free
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2268491255-0
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: R_newR_set_debugR_set_error
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\t1_lib.c$tls12_copy_sigalgs
                                                                                                                                                                                                                                                  • API String ID: 1552677711-2872464142
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • BIO_indent.LIBCRYPTO-3(FFFFFFFE,00000000,0000004D,00007FFD9391E5C1,?,?,?,?,?,?,?,00007FFD9391D7CC), ref: 00007FFD9391E752
                                                                                                                                                                                                                                                  • BIO_printf.LIBCRYPTO-3(FFFFFFFE,00000000,0000004D,00007FFD9391E5C1,?,?,?,?,?,?,?,00007FFD9391D7CC), ref: 00007FFD9391E78B
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: O_indentO_printf
                                                                                                                                                                                                                                                  • String ID: Signature$Signature Algorithm: %s (0x%04x)$UNKNOWN
                                                                                                                                                                                                                                                  • API String ID: 1860387303-3399393549
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: R_new$R_set_debug
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\statem\extensions_srvr.c$tls_construct_stoc_supported_versions
                                                                                                                                                                                                                                                  • API String ID: 476316267-1917491940
                                                                                                                                                                                                                                                  • Opcode ID: c659e60a4cb5b7cfb9d646d06c25c46f0c530abaf28ab41a8ad4c29e66aed8cd
                                                                                                                                                                                                                                                  • Instruction ID: f2e23790041d729782358264e47a370c1457c0fcd51e902992e2c228064debbd
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c659e60a4cb5b7cfb9d646d06c25c46f0c530abaf28ab41a8ad4c29e66aed8cd
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: FC21C892B0C24362F778A7E5E9797B913999F847C0F444031DE5E976E2DE2FE8818701
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
• Associated: 00000002.00000002.3402396346.00007FFD938E0000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000002.00000002.3402421171.00007FFD93962000.00000020.00000001.01000000.00000012.sdmp
• Associated: 00000002.00000002.3402499141.00007FFD93964000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000002.00000002.3402529671.00007FFD9398C000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000002.00000002.3402551633.00007FFD93991000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000002.00000002.3402551633.00007FFD93997000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000002.00000002.3402551633.00007FFD9399F000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: L_strcasecmp
                                                                                                                                                                                                                                                  • String ID: +automatic$auto$automatic
                                                                                                                                                                                                                                                  • API String ID: 4194642261-1892669398
                                                                                                                                                                                                                                                  • Opcode ID: 119b423f726b6808b0a7a4277664e31be03bf93c97af1285d5ef739f9ec5cf63
                                                                                                                                                                                                                                                  • Instruction ID: ddb25ed582927f93de39896f396cef11feaee75a55a1d9f630bdeadf8e007f56
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 119b423f726b6808b0a7a4277664e31be03bf93c97af1285d5ef739f9ec5cf63
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: AB21F726F0EB5241EB749B95E4202797359AFA1BC0F484831EE4E27786DE2DEA148780
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: R_new$R_set_debug
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\statem\extensions_srvr.c$tls_parse_ctos_sig_algs_cert
                                                                                                                                                                                                                                                  • API String ID: 476316267-1840853530
                                                                                                                                                                                                                                                  • Opcode ID: 1073be0a9b484ce19d832c05d5a2653f12d436c50a18cc8e4b4aec750ab669b4
                                                                                                                                                                                                                                                  • Instruction ID: ea1bd43af589d594197f18acf79f3583bd0e6af8118f9a21cde91497d4d524fa
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1073be0a9b484ce19d832c05d5a2653f12d436c50a18cc8e4b4aec750ab669b4
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8121AA62F1C69657E7786BE4E8317BA6399EB94344F044131E98D56691DF3CE2D0CB00
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: O_indentO_printf
                                                                                                                                                                                                                                                  • String ID: %s=0x%x (%s)$cookie$server_version
                                                                                                                                                                                                                                                  • API String ID: 1860387303-2821402668
                                                                                                                                                                                                                                                  • Opcode ID: cdcd296945ee0c6af791d258c8f2ca5dcabc6c3aa595190e87285eab1cdc08fc
                                                                                                                                                                                                                                                  • Instruction ID: deede911bf6864374ce87f208a92d1ed79df125477d61ad1064623b17f27b452
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: cdcd296945ee0c6af791d258c8f2ca5dcabc6c3aa595190e87285eab1cdc08fc
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 48112763B1C69264E630ABC8E4242B9735AEB85BB0F444232D96E377E5DE3CD482C304
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: R_newR_set_debugR_set_error
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\ssl_lib.c$SSL_set_ct_validation_callback
                                                                                                                                                                                                                                                  • API String ID: 1552677711-4238296029
                                                                                                                                                                                                                                                  • Opcode ID: 8462e2679c906cc9e36448615c1024ad7288fc3c80b789c1f52a7dda222a32f6
                                                                                                                                                                                                                                                  • Instruction ID: cdab27e34ec1365a124e88b72c241a709d9c11444e520bf0c70a838a6a0b8a48
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8462e2679c906cc9e36448615c1024ad7288fc3c80b789c1f52a7dda222a32f6
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: AA11A736B1868291E7A0DB95E8507AD73A8FF84BC4F584131EE8D67B95DF2DD841C700
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: O_ctrlR_newR_set_debug
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\d1_lib.c$dtls1_check_timeout_num
                                                                                                                                                                                                                                                  • API String ID: 2442628283-2777391390
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: R_newR_set_debugR_set_error
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\ssl_rsa_legacy.c$SSL_CTX_use_RSAPrivateKey_ASN1
                                                                                                                                                                                                                                                  • API String ID: 1552677711-3275896764
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: R_newR_set_debugR_set_error
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\pqueue.c$pqueue_new
                                                                                                                                                                                                                                                  • API String ID: 1552677711-2823724430
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: R_newR_set_debugR_set_error
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\s3_lib.c$ssl3_ctrl
                                                                                                                                                                                                                                                  • API String ID: 1552677711-3079590724
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: R_newR_set_debugR_set_error
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\ssl_rsa.c$SSL_CTX_use_PrivateKey
                                                                                                                                                                                                                                                  • API String ID: 1552677711-4052895991
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: R_newR_set_debugR_set_error
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\t1_lib.c$SSL_set_tlsext_max_fragment_length
                                                                                                                                                                                                                                                  • API String ID: 1552677711-2316233728
                                                                                                                                                                                                                                                  • Opcode ID: 9ed479348e7acf0d09b4a017a7bde8f21df55abddd4617647bbf75be60f4deba
                                                                                                                                                                                                                                                  • Instruction ID: e7ef11cc0e937e4e80a3116ce27cb997db20585fed85bfa1438226ba86172a15
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9ed479348e7acf0d09b4a017a7bde8f21df55abddd4617647bbf75be60f4deba
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7EE09259F19181A2F3A0F3F4D8667EA1355AB50300FD04030E40D326D3DE1CA58A8A01
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: R_newR_set_debugR_set_error
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\t1_lib.c$SSL_CTX_set_tlsext_max_fragment_length
                                                                                                                                                                                                                                                  • API String ID: 1552677711-1180925554
                                                                                                                                                                                                                                                  • Opcode ID: a2ccf03ef1e851bf608a7eabc95ac11aa916ea27bfcf4fac2c59953d6929bc0a
                                                                                                                                                                                                                                                  • Instruction ID: 00dddd88bd8e728b0ad77319de220936024402a7e94729384830a05fc24bb604
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a2ccf03ef1e851bf608a7eabc95ac11aa916ea27bfcf4fac2c59953d6929bc0a
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 37E09259F19585A2F3A4B3F8D86A3EA1359AF90301FE04431E00D326D3ED1CA68A8B01
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: R_newR_set_debugR_set_error
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\s3_lib.c$ssl3_ctrl
                                                                                                                                                                                                                                                  • API String ID: 1552677711-3079590724
                                                                                                                                                                                                                                                  • Opcode ID: 331e23a8593135e9122189d94e75dd2e319d85b15da77aefea71476a8b35d0aa
                                                                                                                                                                                                                                                  • Instruction ID: e86435db682a46ec6503e777efbca95ba772c61ee507f11104d9d7820dbf0042
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 331e23a8593135e9122189d94e75dd2e319d85b15da77aefea71476a8b35d0aa
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 49E04F1AB1D502A5E3B0E7E4E4216EA2325EB443A4F940032DE0D22696DE2DE8C6DB40
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: R_newR_set_debugR_set_error
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\ssl_lib.c$ssl_undefined_function
                                                                                                                                                                                                                                                  • API String ID: 1552677711-2204979087
                                                                                                                                                                                                                                                  • Opcode ID: eb668bfcb294817dc9ac1ed38ec7e655d6b9154359c3840f46d898fa57ace209
                                                                                                                                                                                                                                                  • Instruction ID: 27141e8e433a421f46e826ad9d30ab102f499e66907bdd32d3de164c6fcb7dee
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: eb668bfcb294817dc9ac1ed38ec7e655d6b9154359c3840f46d898fa57ace209
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: CAE0BF59F29246A6E370F7E0D8667FA2358AB50310FD04031E50D636D2DE2DA5858B40
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: D_fetchJ_nid2snR_get0_providerR_pop_to_markR_set_mark
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2255186618-0
                                                                                                                                                                                                                                                  • Opcode ID: 7194dbe5204d18a8701bfccbbb21cc035255ebbdc26918a4116d2f00c3ab87c5
                                                                                                                                                                                                                                                  • Instruction ID: e0cb2d0f61b96a0bd2bec931e4db09fa0c971628a5c8bf99027fd0200643f870
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7194dbe5204d18a8701bfccbbb21cc035255ebbdc26918a4116d2f00c3ab87c5
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 01018F56F0E34252FA7977E694613BC12598F58B80F481434EE0E777C7EC2DF9914A40
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd938e0000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: X509_$E_dupE_freeL_sk_new_nullL_sk_pushX509_get_subject_name
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2231116090-0
                                                                                                                                                                                                                                                  • Opcode ID: b707467de0e1d467bf08f39588a23152d1c84b8d386ac6a80151553d34bc738a
                                                                                                                                                                                                                                                  • Instruction ID: 005144e05660140d01d09b844d275dbc8f41883f0c34da0c4af25b0b3f65f249
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b707467de0e1d467bf08f39588a23152d1c84b8d386ac6a80151553d34bc738a
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 57016969F0E74240EEB5A7E6A2753B95298AF5CBC0F4C0131ED4C5B7C6FE2DE8914A40
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
• Associated: 00000002.00000002.3402396346.00007FFD938E0000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000002.00000002.3402421171.00007FFD93962000.00000020.00000001.01000000.00000012.sdmp
• Associated: 00000002.00000002.3402499141.00007FFD93964000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000002.00000002.3402529671.00007FFD9398C000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000002.00000002.3402551633.00007FFD93991000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000002.00000002.3402551633.00007FFD93997000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000002.00000002.3402551633.00007FFD9399F000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd938e0000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: R_newR_set_debug
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\statem\statem_srvr.c$ossl_statem_server13_write_transition
                                                                                                                                                                                                                                                  • API String ID: 193678381-3318936413
                                                                                                                                                                                                                                                  • Opcode ID: 6efa294c1ad19f707bf2ef4ad857f38fbf02fc170b61755b2bafccc7db413706
                                                                                                                                                                                                                                                  • Instruction ID: 593adad5f20f5aa79047063bb28bf41b56a5c5b82b186a5bb0cad9eb6e706a67
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6efa294c1ad19f707bf2ef4ad857f38fbf02fc170b61755b2bafccc7db413706
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1901CCE3F19241D7E360A3E4ECBE7AF2364DB24384F8A5430DA09923D2E92CE1418702
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
• Associated: 00000002.00000002.3402396346.00007FFD938E0000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000002.00000002.3402421171.00007FFD93962000.00000020.00000001.01000000.00000012.sdmp
• Associated: 00000002.00000002.3402499141.00007FFD93964000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000002.00000002.3402529671.00007FFD9398C000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000002.00000002.3402551633.00007FFD93991000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000002.00000002.3402551633.00007FFD93997000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000002.00000002.3402551633.00007FFD9399F000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd938e0000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: R_newR_set_debug
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\statem\extensions_clnt.c$tls_construct_ctos_sig_algs
                                                                                                                                                                                                                                                  • API String ID: 193678381-4035473336
                                                                                                                                                                                                                                                  • Opcode ID: 93acb5a60f194efea92f892e52a2113056a595ac35d7cd52714ab02f45be1271
                                                                                                                                                                                                                                                  • Instruction ID: 29bf9d6b1f08ca81c7d1effbd1dda2d317d9b1746c1bcfff9837f3c84fccd416
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 93acb5a60f194efea92f892e52a2113056a595ac35d7cd52714ab02f45be1271
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 99318991B1C28391F774A792D9A13F96359EF847D4F580031ED4DA7BD6DE2DD8428700
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
• Associated: 00000002.00000002.3402396346.00007FFD938E0000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000002.00000002.3402421171.00007FFD93962000.00000020.00000001.01000000.00000012.sdmp
• Associated: 00000002.00000002.3402499141.00007FFD93964000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000002.00000002.3402529671.00007FFD9398C000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000002.00000002.3402551633.00007FFD93991000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000002.00000002.3402551633.00007FFD93997000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000002.00000002.3402551633.00007FFD9399F000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd938e0000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\statem\extensions_clnt.c$tls_construct_ctos_server_name
                                                                                                                                                                                                                                                  • API String ID: 0-1970769450
                                                                                                                                                                                                                                                  • Opcode ID: 34511d4b9de82d24d5ece8db136f53805f6cceb319a47cd89415a3a91dad916c
                                                                                                                                                                                                                                                  • Instruction ID: 62b3549c6767ec19c6c6a501fd784b8514994bab4aa52bb1b04845f430cd1623
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 34511d4b9de82d24d5ece8db136f53805f6cceb319a47cd89415a3a91dad916c
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4431A751F9C24365FBB8B7A6E9667B91389AF807C4F485430DD0E57BC6EE5DE4808700
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
• Associated: 00000002.00000002.3402396346.00007FFD938E0000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000002.00000002.3402421171.00007FFD93962000.00000020.00000001.01000000.00000012.sdmp
• Associated: 00000002.00000002.3402499141.00007FFD93964000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000002.00000002.3402529671.00007FFD9398C000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000002.00000002.3402551633.00007FFD93991000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000002.00000002.3402551633.00007FFD93997000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000002.00000002.3402551633.00007FFD9399F000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd938e0000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\statem\extensions_clnt.c$tls_construct_ctos_srp
                                                                                                                                                                                                                                                  • API String ID: 0-2342567248
                                                                                                                                                                                                                                                  • Opcode ID: 943edc0e63e99509b6e1097d3a36206b7d29b06efda21a5f0624fff267cc6705
                                                                                                                                                                                                                                                  • Instruction ID: 4db15b82c1bdb551e1f8115c3c36a1b1499935149504e59a02999b4c64fe08c4
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 943edc0e63e99509b6e1097d3a36206b7d29b06efda21a5f0624fff267cc6705
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 35216251F5C24361FB78ABA6E9617B913A8EF807C0F581030DD8E5BBC6DE6DE8808740
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
• Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
• Associated: 00000002.00000002.3402396346.00007FFD938E0000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000002.00000002.3402421171.00007FFD93962000.00000020.00000001.01000000.00000012.sdmp
• Associated: 00000002.00000002.3402499141.00007FFD93964000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000002.00000002.3402529671.00007FFD9398C000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000002.00000002.3402551633.00007FFD93991000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000002.00000002.3402551633.00007FFD93997000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000002.00000002.3402551633.00007FFD9399F000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd938e0000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: O_indentO_printf
                                                                                                                                                                                                                                                  • String ID: %s (%d)$UNKNOWN
                                                                                                                                                                                                                                                  • API String ID: 1860387303-2251275378
                                                                                                                                                                                                                                                  • Opcode ID: a6b6a6df7af930050c1c9ecaa713cb2278706dcd97de78112f4413c0d46a13d3
                                                                                                                                                                                                                                                  • Instruction ID: dc17d01c4b6c24884f69de7581516469b2540acc317e54daeefe38e3f0fed340
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a6b6a6df7af930050c1c9ecaa713cb2278706dcd97de78112f4413c0d46a13d3
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0421F823B0878195E7619BD6B8107AAABDAFB48BE0F484031DE4E63B44DF3CD482C700
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\statem\extensions_srvr.c$tls_construct_stoc_renegotiate
                                                                                                                                                                                                                                                  • API String ID: 0-2728901138
                                                                                                                                                                                                                                                  • Opcode ID: bdcab20151f23b24382d85dfed289776668da40e968fadb33af8566278ae17ab
                                                                                                                                                                                                                                                  • Instruction ID: ab7548b12f12eecc3b8f42247fdbb705d7eaa8baa68b02a879282245384b3ef2
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: bdcab20151f23b24382d85dfed289776668da40e968fadb33af8566278ae17ab
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: BD215351F1824361FB78A7AAE9257F9539AAF817C4F481030DE0D57AC6DE2EE451C300
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: R_newR_set_debug
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\statem\extensions_clnt.c$ssl_next_proto_validate
                                                                                                                                                                                                                                                  • API String ID: 193678381-4274311015
                                                                                                                                                                                                                                                  • Opcode ID: d353fbfe16af1f62cb03c90cdbc643ac01b197627e56d7d95c29f2578f6c9a59
                                                                                                                                                                                                                                                  • Instruction ID: 7499d316d09e9b719dd9eef1b645e7bab1946969cb49c70693fdc27afeaaa3fc
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d353fbfe16af1f62cb03c90cdbc643ac01b197627e56d7d95c29f2578f6c9a59
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7111A7A2F1968592EB7497A0E8203F96398FF58344F049530EA8D526D6FF2CD6D08700
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\statem\extensions_srvr.c$tls_construct_stoc_psk
                                                                                                                                                                                                                                                  • API String ID: 0-812599056
                                                                                                                                                                                                                                                  • Opcode ID: eeccbbb32b76ba9bae1e043c7bc09835041dc0111c37c0e5be4ea264feb94254
                                                                                                                                                                                                                                                  • Instruction ID: 71eae90f0a512deabf60b56dc71d4412aeed881bdc312138fa2e0f374d15267e
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: eeccbbb32b76ba9bae1e043c7bc09835041dc0111c37c0e5be4ea264feb94254
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7F118252B1C10391FB78A7A6F9657B92359AF84BC4F480031EE1D6B6C7DE6DE881C700
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\statem\extensions_clnt.c$tls_construct_ctos_maxfragmentlen
                                                                                                                                                                                                                                                  • API String ID: 0-2022521710
                                                                                                                                                                                                                                                  • Opcode ID: 7121d7135b88c0a3065736cbe285c967d0b49d4b6b9c83b41b2096a3de0b935f
                                                                                                                                                                                                                                                  • Instruction ID: 6bf3ee8f45d3b75eb864ca26c73b94abd5e1254c9abaabe19980a3a33c89f765
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7121d7135b88c0a3065736cbe285c967d0b49d4b6b9c83b41b2096a3de0b935f
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6A119151B1C18261FB78B7A6E9217F95388AF847C8F480031ED5E5B6D7DE6EE9908700
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd938e0000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: R_newR_set_debug
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\statem\extensions_clnt.c$tls_construct_ctos_npn
                                                                                                                                                                                                                                                  • API String ID: 193678381-1466421906
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: R_newR_set_debug
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\statem\extensions_srvr.c$tls_construct_stoc_session_ticket
                                                                                                                                                                                                                                                  • API String ID: 193678381-585220546
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\statem\extensions_clnt.c$tls_construct_ctos_ems
                                                                                                                                                                                                                                                  • API String ID: 0-3344448950
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\statem\statem_srvr.c$ossl_statem_server_write_transition
                                                                                                                                                                                                                                                  • API String ID: 0-415349073
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: R_newR_set_debug
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\statem\statem_srvr.c$tls_construct_cert_status_body
                                                                                                                                                                                                                                                  • API String ID: 193678381-3528029177
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                    • Part of subcall function 00007FFD93952F70: ERR_new.LIBCRYPTO-3(?,00007FFD9395299D,?,?,?,?,00000000,?,?,?,00007FFD93956186), ref: 00007FFD93952FFE
                                                                                                                                                                                                                                                    • Part of subcall function 00007FFD93952F70: ERR_set_debug.LIBCRYPTO-3(?,00007FFD9395299D,?,?,?,?,00000000,?,?,?,00007FFD93956186), ref: 00007FFD93953016
                                                                                                                                                                                                                                                  • ERR_new.LIBCRYPTO-3 ref: 00007FFD9395266F
                                                                                                                                                                                                                                                  • ERR_set_debug.LIBCRYPTO-3 ref: 00007FFD93952687
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402396346.00007FFD938E0000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402421171.00007FFD93962000.00000020.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402499141.00007FFD93964000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402529671.00007FFD9398C000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402551633.00007FFD93991000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402551633.00007FFD93997000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.3402551633.00007FFD9399F000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd938e0000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: R_newR_set_debug
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\statem\statem_srvr.c$construct_stateful_ticket
                                                                                                                                                                                                                                                  • API String ID: 193678381-2590191291
                                                                                                                                                                                                                                                  • Opcode ID: 0f7dafc98d90613b83f017ada08391b04d7974ff0cd474e88b6cb41dc6d26d55
                                                                                                                                                                                                                                                  • Instruction ID: a742d17f53f5c1de16f3dd088efca98d275ccb6e9527d2efc023228054d9dc2e
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0f7dafc98d90613b83f017ada08391b04d7974ff0cd474e88b6cb41dc6d26d55
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3A01B121B19743A1E7B4B7E2F9617F91358AF847C0F440032EE0DA7686EE6CE4908700
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd938e0000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: R_newR_set_debug
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\statem\statem_srvr.c$ossl_statem_server_process_message
                                                                                                                                                                                                                                                  • API String ID: 193678381-2684089212
                                                                                                                                                                                                                                                  • Opcode ID: f4a3fc006d1a9dc02869140602423b720948628d9e0aa97709a68bdf5bfa30ae
                                                                                                                                                                                                                                                  • Instruction ID: a50cac826451d832e6a7dc22b5ae65a4767c2cf03e210eefbeb24de35002ec69
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f4a3fc006d1a9dc02869140602423b720948628d9e0aa97709a68bdf5bfa30ae
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 57F0F426B1C241A6E360A7E5E8627B96358AB44784F900532EE4E536E6DE2DD642CB00
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd938e0000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: R_newR_set_debug
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\statem\statem_lib.c$tls_construct_key_update
                                                                                                                                                                                                                                                  • API String ID: 193678381-4067644432
                                                                                                                                                                                                                                                  • Opcode ID: 62b6398d1d177a83efef6f8a310cf5ae1e3ff013ebdd44d13bb9d40ff3be7047
                                                                                                                                                                                                                                                  • Instruction ID: 434e37b54ea10ce5dcc2031fa60c5c6e912c102adfca6006db455cd2d8265ccf
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 62b6398d1d177a83efef6f8a310cf5ae1e3ff013ebdd44d13bb9d40ff3be7047
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 33F0BEA5F1924362FBB4BBE5D829BF823489F85794F444132ED0D677D2EF2DA5818B00
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd938e0000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: R_newR_set_debug
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\statem\statem_clnt.c$ossl_statem_client_construct_message
                                                                                                                                                                                                                                                  • API String ID: 193678381-1769619531
                                                                                                                                                                                                                                                  • Opcode ID: 13bc08e60732ebf9c5fbe26a6217c2373a936ece81e218a71fcb6cb508fc0a82
                                                                                                                                                                                                                                                  • Instruction ID: 7473821c758a0f16b3fca5b839ad8eb9791fc213f34a29b2ed452ec101925ebd
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 13bc08e60732ebf9c5fbe26a6217c2373a936ece81e218a71fcb6cb508fc0a82
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3AF0B462F18542A7E370A3E4E8A57F96758AF89714F508531E90EA33D2EE2DE242C700
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd938e0000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: R_newR_set_debug
                                                                                                                                                                                                                                                  • String ID: ..\s\ssl\record\rec_layer_d1.c$dtls1_write_bytes
                                                                                                                                                                                                                                                  • API String ID: 193678381-1372159586
Memory Dump Source
• Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
• Associated: 00000002.00000002.3402396346.00007FFD938E0000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000002.00000002.3402421171.00007FFD93962000.00000020.00000001.01000000.00000012.sdmp
• Associated: 00000002.00000002.3402499141.00007FFD93964000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000002.00000002.3402529671.00007FFD9398C000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000002.00000002.3402551633.00007FFD93991000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000002.00000002.3402551633.00007FFD93997000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000002.00000002.3402551633.00007FFD9399F000.00000002.00000001.01000000.00000012.sdmp
Similarity
• API ID: R_newR_set_debug
• String ID: ..\s\ssl\statem\extensions_srvr.c$tls_parse_ctos_ems
• API String ID: 193678381-2230499117
Similarity
• API ID: R_newR_set_debug
• String ID: ..\s\ssl\statem\statem_clnt.c$tls_construct_end_of_early_data
• API String ID: 193678381-2034458699
Similarity
• API ID: R_newR_set_debug
• String ID: ..\s\ssl\statem\statem_clnt.c$tls_process_hello_req
• API String ID: 193678381-485657334
Similarity
• API ID: R_newR_set_debug
• String ID: ..\s\ssl\statem\statem_srvr.c$tls_process_end_of_early_data
• API String ID: 193678381-3379596787
Similarity
• API ID: X509_$E_add_lookupP_storeR_pop_to_markR_set_mark
• String ID:
• API String ID: 3476065580-0
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd938e0000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: X509_$E_add_lookupP_ctrl_exR_pop_to_markR_set_mark
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 3663983608-0
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd938e0000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: L_sk_dupL_sk_freeL_sk_set_cmp_funcL_sk_sort
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1312970346-0
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd938e0000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: D_fetchE_finishJ_nid2snR_pop_to_markR_set_mark
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1050435054-0
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd938e0000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: X_free
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2268491255-0
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd938e0000_7EznMik8Fw.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: R_new$L_sk_new_nullL_sk_push
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  Memory Dump Source
• Source File: 00000002.00000002.3402421171.00007FFD938E1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFD938E0000, based on PE: true
• Associated: 00000002.00000002.3402396346.00007FFD938E0000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000002.00000002.3402421171.00007FFD93962000.00000020.00000001.01000000.00000012.sdmp
• Associated: 00000002.00000002.3402499141.00007FFD93964000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000002.00000002.3402529671.00007FFD9398C000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000002.00000002.3402551633.00007FFD93991000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000002.00000002.3402551633.00007FFD93997000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000002.00000002.3402551633.00007FFD9399F000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: D_bytes_ex_time64
                                                                                                                                                                                                                                                  • String ID: DOWNGRD
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: -
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: O_clear_flagsO_set_flags
                                                                                                                                                                                                                                                  • String ID: '
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: O_clear_flagsO_set_flags
                                                                                                                                                                                                                                                  • String ID: &
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: M_construct_endM_construct_octet_string
                                                                                                                                                                                                                                                  • String ID: ssl3-ms
                                                                                                                                                                                                                                                  • API String ID: 587842064-1523337083